Class: Qiita::Markdown::Filters::FinalSanitizer
- Inherits:
-
HTML::Pipeline::Filter
- Object
- HTML::Pipeline::Filter
- Qiita::Markdown::Filters::FinalSanitizer
- Defined in:
- lib/qiita/markdown/filters/final_sanitizer.rb
Overview
Sanitizes undesirable elements by whitelist-based rule. You can pass optional :rule and :script context.
Since this filter is applied at the end of html-pipeline, it’s rules are intentionally weakened to allow elements and attributes which are generated by other filters.
Constant Summary collapse
- RULE =
{ attributes: { "a" => [ "data-hovercard-target-name", "data-hovercard-target-type", "href", "rel", ], "blockquote" => Embed::Tweet::ATTRIBUTES, "iframe" => [ "allowfullscreen", "frameborder", "height", "marginheight", "marginwidth", "scrolling", "src", "style", "width", ], "img" => [ "src", ], "input" => [ "checked", "disabled", "type", ], "div" => [ "itemscope", "itemtype", ], "p" => Embed::CodePen::ATTRIBUTES, "script" => [ "async", "src", "type", ].concat( Embed::SpeekerDeck::ATTRIBUTES, ), "span" => [ "style", ], "td" => [ "style", ], "th" => [ "style", ], "video" => [ "src", "autoplay", "controls", "loop", "muted", "poster", ], all: [ "abbr", "align", "alt", "border", "cellpadding", "cellspacing", "cite", "class", "color", "cols", "colspan", "data-lang", "datetime", "height", "hreflang", "id", "itemprop", "lang", "name", "rowspan", "tabindex", "target", "title", "width", ], }, css: { properties: [ "text-align", "background-color", ], }, elements: [ "a", "b", "blockquote", "br", "code", "dd", "del", "details", "div", "dl", "dt", "em", "font", "h1", "h2", "h3", "h4", "h5", "h6", "h7", "h8", "hr", "i", "img", "input", "ins", "kbd", "li", "ol", "p", "pre", "q", "rp", "rt", "ruby", "s", "samp", "script", "iframe", "span", "strike", "strong", "sub", "summary", "sup", "table", "tbody", "td", "tfoot", "th", "thead", "tr", "tt", "ul", "var", ], protocols: { "a" => { "href" => [ :relative, "http", "https", "mailto", ], }, "img" => { "src" => [ :relative, "http", "https", ], }, "video" => { "src" => [ :relative, "http", "https", ], "poster" => [ :relative, "http", "https", ], }, }, transformers: [ Transformers::StripInvalidNode, Transformers::FilterScript, Transformers::FilterIframe, ], }.freeze
- SCRIPTABLE_RULE =
RULE.dup.tap do |rule| rule[:attributes] = RULE[:attributes].dup rule[:attributes][:all] = rule[:attributes][:all] + [:data] rule[:elements] = RULE[:elements] + ["video"] rule[:transformers] = rule[:transformers] - [Transformers::FilterScript, Transformers::FilterIframe] end
Instance Method Summary collapse
Instance Method Details
#call ⇒ Object
203 204 205 206 |
# File 'lib/qiita/markdown/filters/final_sanitizer.rb', line 203 def call ::Sanitize.clean_node!(doc, rule) doc end |