Class: Banzai::Filter::SanitizationFilter
- Inherits: BaseSanitizationFilter
- Ancestor chain: Object > HTML::Pipeline::SanitizationFilter > BaseSanitizationFilter > Banzai::Filter::SanitizationFilter
- Defined in: lib/banzai/filter/sanitization_filter.rb
Overview
Sanitize HTML produced by Markdown.
Extends Banzai::Filter::BaseSanitizationFilter with specific rules.
Constant Summary
- TABLE_ALIGNMENT_PATTERN = /text-align: (?<alignment>center|left|right)/
  Styles used by Markdown for table alignment
Constants inherited from BaseSanitizationFilter
BaseSanitizationFilter::UNSAFE_PROTOCOLS
Constants included from Gitlab::Utils::SanitizeNodeLink
Gitlab::Utils::SanitizeNodeLink::ATTRS_TO_SANITIZE, Gitlab::Utils::SanitizeNodeLink::UNSAFE_PROTOCOLS
Class Method Summary
- .remove_non_footnote_ids ⇒ Object
- .remove_unsafe_table_style ⇒ Object
Instance Method Summary
- #customize_allowlist(allowlist) ⇒ Object
Methods inherited from BaseSanitizationFilter
Methods included from Gitlab::Utils::SanitizeNodeLink
#remove_unsafe_links, #safe_protocol?, #sanitize_unsafe_links
Class Method Details
.remove_non_footnote_ids ⇒ Object

  # File 'lib/banzai/filter/sanitization_filter.rb', line 58
  def remove_non_footnote_ids
    lambda do |env|
      node = env[:node]
      return unless node.name == 'a' || node.name == 'li'
      return unless node.has_attribute?('id')
      # Keep an `id` only when it is a footnote reference or footnote list item
      return if node.name == 'a' && node['id'] =~ Banzai::Filter::FootnoteFilter::FOOTNOTE_LINK_REFERENCE_PATTERN
      return if node.name == 'li' && node['id'] =~ Banzai::Filter::FootnoteFilter::FOOTNOTE_LI_REFERENCE_PATTERN

      # Any other `id` is stripped
      node.remove_attribute('id')
    end
  end
.remove_unsafe_table_style ⇒ Object

  # File 'lib/banzai/filter/sanitization_filter.rb', line 43
  def remove_unsafe_table_style
    lambda do |env|
      node = env[:node]
      return unless node.name == 'th' || node.name == 'td'
      return unless node.has_attribute?('style')

      # Rebuild the attribute from the matched alignment only, so every other
      # declaration in the original `style` value is dropped
      if node['style'] =~ TABLE_ALIGNMENT_PATTERN
        node['style'] = "text-align: #{$~[:alignment]}"
      else
        node.remove_attribute('style')
      end
    end
  end
Instance Method Details
#customize_allowlist(allowlist) ⇒ Object

  # File 'lib/banzai/filter/sanitization_filter.rb', line 12
  def customize_allowlist(allowlist)
    allowlist[:allow_comments] = context[:allow_comments]

    # Allow table alignment; we allow specific text-align values in a
    # transformer below
    allowlist[:attributes]['th'] = %w[style]
    allowlist[:attributes]['td'] = %w[style]
    allowlist[:css] = { properties: ['text-align'] }

    # Allow the 'data-sourcepos' from CommonMark on all elements
    allowlist[:attributes][:all].push('data-sourcepos')
    allowlist[:attributes][:all].push('data-escaped-char')

    # Remove any `style` properties not required for table alignment
    allowlist[:transformers].push(self.class.remove_unsafe_table_style)

    # Allow `id` in a and li elements for footnotes
    # and remove any `id` properties not matching for footnotes
    allowlist[:attributes]['a'].push('id')
    allowlist[:attributes]['li'] = %w[id]
    allowlist[:transformers].push(self.class.remove_non_footnote_ids)

    # Allow section elements with data-footnotes attribute
    allowlist[:elements].push('section')
    allowlist[:attributes]['section'] = %w[data-footnotes]
    allowlist[:attributes]['a'].push('data-footnote-ref', 'data-footnote-backref', 'data-footnote-backref-idx')

    allowlist
  end