Class: StringTools::Sanitizer::Base

Inherits:

Object

• Object
• StringTools::Sanitizer::Base

Defined in:

lib/string_tools.rb

Constant Summary

TAGS_WITH_ATTRIBUTES =

{
  'p'     => %w(align style),
  'div'   => %w(align style),
  'span'  => %w(align style),
  'td'    => %w(align width valign colspan rowspan style),
  'th'    => %w(align width valign colspan rowspan style),
  'a'     => %w(href target name style),
  'table' => %w(cellpadding cellspacing width border align style),
  'img'   => %w(src width height style)
}.freeze

TAGS_WITHOUT_ATTRIBUTES =

%w(b strong i em sup sub ul ol li blockquote br tr u caption thead s).freeze

Instance Method Summary

• #sanitize(str, attrs = {}) ⇒ Object

  Public: Sanitize string str - String for sanitize attrs - Hash, custom attributes, defaults empty hash remove_contents - Set of string, tags to be removed protocols - Array of string, protocols using in css properties urls.

Instance Method Details

#sanitize(str, attrs = {}) ⇒ Object

Public: Sanitize string str - String for sanitize attrs - Hash, custom attributes, defaults empty hash

remove_contents - Set of string, tags to be removed
protocols - Array of string, protocols using in css properties urls

# File 'lib/string_tools.rb', line 163

def sanitize(str, attrs = {})
  # для корректного обрезания utf строчек режем через mb_chars
  # для защиты от перегрузки парсера пропускаем максимум 1 мегабайт текста
  # длина русского символа в utf-8 - 2 байта, 1Мб/2б = 524288 = 2**19 символов
  # длина по символам с перестраховкой, т.к. латинские символы(теги, например) занимают 1 байт
  str = str.mb_chars.slice(0..(2**19)).to_s

  remove_contents = attrs.delete(:remove_contents)
  protocols = attrs.delete(:protocols) || []

  # Мерджим добавочные теги и атрибуты
  attributes = TAGS_WITH_ATTRIBUTES.merge(attrs)
  elements = attributes.keys | TAGS_WITHOUT_ATTRIBUTES

  transformers = [LINK_NORMALIZER]
  transformers << IframeNormalizer.new(attributes['iframe']) if attributes.key?('iframe')

  Sanitize.fragment(
    str,
    :attributes => attributes,
    :elements => elements,
    :css => {:properties => Sanitize::Config::RELAXED[:css][:properties], protocols: protocols},
    :remove_contents => remove_contents || Set['style', 'script'],
    :allow_comments => false,
    :transformers => transformers
  )
end