Module: Sanitize::Rails::Engine
Instance Method Summary
- #callback_for(options) ⇒ Object
  :nodoc:
- #clean(string) ⇒ Object
  Returns a copy of the given `string` after sanitizing it and marking it as `html_safe`.
- #clean!(string) ⇒ Object
  Sanitizes the given `string` in place and does NOT mark it as `html_safe`.
- #cleaner ⇒ Object
  Returns a memoized instance of the Engine with the configuration passed to the configure method or with ActionView's default config.
- #config ⇒ Object
- #configure(config) ⇒ Object
  Changes the Sanitizer configuration.
- #method_for(fields) ⇒ Object
  :nodoc:
Instance Method Details
#callback_for(options) ⇒ Object
:nodoc:
    # File 'lib/sanitize/rails/engine.rb', line 63
    def callback_for(options) #:nodoc:
      # Default to the save callback when no :on option is given
      point = (options[:on] || 'save').to_s
      unless %w( save create ).include?(point)
        raise ArgumentError, "Invalid callback point #{point}, valid ones are :save and :create"
      end
      "before_#{point}".intern
    end
#clean(string) ⇒ Object
Returns a copy of the given `string` after sanitizing it and marking it as `html_safe`.
Ensuring that this method returns instances of ActiveSupport::SafeBuffer means that text passed through `Sanitize::Rails::Engine.clean` will not be escaped by ActionView's XSS filtering utilities. The sanitizer configuration is therefore the only filter applied to that text before it is rendered.
    # File 'lib/sanitize/rails/engine.rb', line 52
    def clean(string)
      ::ActiveSupport::SafeBuffer.new cleaned_fragment(string)
    end
#clean!(string) ⇒ Object
Sanitizes the given `string` in place and does NOT mark it as `html_safe`.
    # File 'lib/sanitize/rails/engine.rb', line 58
    def clean!(string)
      return '' if string.nil?
      string.replace cleaned_fragment(string)
    end
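Added example, not code from sanitize-rails: a Rails-free model of how a view treats the return values of `clean` and `clean!`. `SafeBuffer`, `EngineModel`, `ALLOWED`, `TAG_RE`, `render` and the toy `cleaned_fragment` are assumptions standing in for ActiveSupport, the engine, the Sanitize gem and ActionView's output escaping.

```ruby
require 'erb'

# Stand-in for ActiveSupport::SafeBuffer (assumption, so the example runs without Rails).
class SafeBuffer < String
  def html_safe?
    true
  end
end

# Hypothetical model of Sanitize::Rails::Engine; only clean and clean! are modelled.
module EngineModel
  extend self

  ALLOWED = %w(b i em strong).freeze # constructed allow-list
  TAG_RE  = /&lt;(\/?)(#{Regexp.union(ALLOWED).source})&gt;/

  # Toy stand-in for the real sanitizer: escape everything, then restore
  # only bare allow-listed tags. Not the Sanitize gem's algorithm.
  def cleaned_fragment(string)
    ERB::Util.html_escape(string).gsub(TAG_RE) { "<#{$1}#{$2}>" }
  end

  def clean(string)
    SafeBuffer.new cleaned_fragment(string)
  end

  def clean!(string)
    return '' if string.nil?
    string.replace cleaned_fragment(string)
  end
end

# Models what a view does with `<%= value %>`: escape unless html_safe.
def render(value)
  if value.respond_to?(:html_safe?) && value.html_safe?
    value.to_s
  else
    ERB::Util.html_escape(value)
  end
end

if __FILE__ == $0
  input = '<b>hi</b><script>x</script>'.dup # constructed sample input
  puts render(EngineModel.clean(input))  # allowed tags reach the page as markup
  puts render(EngineModel.clean!(input)) # escaped again: tags show as literal text
end
```

The `clean` result is emitted verbatim, so the allow-list is the whole defence for that value; the `clean!` result is a plain String and is escaped again when rendered.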
#cleaner ⇒ Object
Returns a memoized instance of the Engine with the configuration passed to the configure method or with ActionView's default config.
    # File 'lib/sanitize/rails/engine.rb', line 42
    def cleaner
      @_cleaner ||= ::Sanitize.new(config)
    end
#config ⇒ Object
    # File 'lib/sanitize/rails/engine.rb', line 25
    def config
      # Defaults are taken from ActionView's own allow-lists
      @_config ||= {
        :elements   => ::ActionView::Base.sanitized_allowed_tags.to_a,
        :attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a },
        :protocols  => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a }
      }
    end
#configure(config) ⇒ Object
Changes the Sanitizer configuration.
    # File 'lib/sanitize/rails/engine.rb', line 8
    def configure(config)
      @_config = config.freeze
      @_cleaner = nil
    end
#method_for(fields) ⇒ Object
:nodoc:
    # File 'lib/sanitize/rails/engine.rb', line 73
    def method_for(fields) #:nodoc:
      "sanitize_#{fields.join('_')}".intern
    end