Module: Rails::HTML::Concern::SafeList

Included in:: Rails::HTML4::SafeListSanitizer

Defined in:: lib/wasmify/rails/shims/rails-html-sanitizer.rb

Constant Summary collapse

DEFAULT_ALLOWED_TAGS = The default safe list for tags

Set.new([
  "a",
  "abbr",
  "acronym",
  "address",
  "b",
  "big",
  "blockquote",
  "br",
  "cite",
  "code",
  "dd",
  "del",
  "dfn",
  "div",
  "dl",
  "dt",
  "em",
  "h1",
  "h2",
  "h3",
  "h4",
  "h5",
  "h6",
  "hr",
  "i",
  "img",
  "ins",
  "kbd",
  "li",
  "mark",
  "ol",
  "p",
  "pre",
  "samp",
  "small",
  "span",
  "strong",
  "sub",
  "sup",
  "time",
  "tt",
  "ul",
  "var",
]).freeze

DEFAULT_ALLOWED_ATTRIBUTES = The default safe list for attributes

Set.new([
  "abbr",
  "alt",
  "cite",
  "class",
  "datetime",
  "height",
  "href",
  "lang",
  "name",
  "src",
  "title",
  "width",
  "xml:lang",
]).freeze

Class Method Summary collapse

.included(klass) ⇒ Object

Instance Method Summary collapse

Class Method Details

.included(klass) ⇒ `Object`

# File 'lib/wasmify/rails/shims/rails-html-sanitizer.rb', line 92

def self.included(klass)
  class << klass
    attr_accessor :allowed_tags
    attr_accessor :allowed_attributes
  end

  klass.allowed_tags = DEFAULT_ALLOWED_TAGS.dup
  klass.allowed_attributes = DEFAULT_ALLOWED_ATTRIBUTES.dup
end

Instance Method Details

#initialize(prune: false) ⇒ `Object`



102
103
104

# File 'lib/wasmify/rails/shims/rails-html-sanitizer.rb', line 102

def initialize(prune: false)
  @permit_scrubber = PermitScrubber.new(prune: prune)
end

#sanitize_css(style_string) ⇒ `Object`



119
120
121

# File 'lib/wasmify/rails/shims/rails-html-sanitizer.rb', line 119

def sanitize_css(style_string)
  Loofah::HTML5::Scrub.scrub_css(style_string)
end

#scrub(fragment, options = {}) ⇒ `Object`

# File 'lib/wasmify/rails/shims/rails-html-sanitizer.rb', line 106

def scrub(fragment, options = {})
  if scrubber = options[:scrubber]
    # No duck typing, Loofah ensures subclass of Loofah::Scrubber
    fragment.scrub!(scrubber)
  elsif allowed_tags(options) || allowed_attributes(options)
    @permit_scrubber.tags = allowed_tags(options)
    @permit_scrubber.attributes = allowed_attributes(options)
    fragment.scrub!(@permit_scrubber)
  else
    fragment.scrub!(:strip)
  end
end

Module: Rails::HTML::Concern::SafeList

Constant Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.included(klass) ⇒ Object

Instance Method Details

#initialize(prune: false) ⇒ Object

#sanitize_css(style_string) ⇒ Object

#scrub(fragment, options = {}) ⇒ Object

.included(klass) ⇒ `Object`

#initialize(prune: false) ⇒ `Object`

#sanitize_css(style_string) ⇒ `Object`

#scrub(fragment, options = {}) ⇒ `Object`