class SanitizeEmail::Bleach

Determines whether to sanitize the headers of an email,

and does so when appropriate.

Attributes

overridden_addresses[RW]

Public Class Methods

delivering_email(message) click to toggle source

If all recipient addresses are white-listed the field is left alone.

# File lib/sanitize_email/bleach.rb, line 18
def self.delivering_email(message)
  return nil unless sanitize_engaged?(message)
  SanitizeEmail::MailHeaderTools.
    add_original_addresses_as_headers(message)
  SanitizeEmail::MailHeaderTools.
    prepend_custom_subject(message)

  overridden = SanitizeEmail::OverriddenAddresses.new(message)

  message.to = overridden.overridden_to
  message.cc = overridden.overridden_cc
  message.bcc = overridden.overridden_bcc
end
new(*args) click to toggle source
# File lib/sanitize_email/bleach.rb, line 13
def initialize(*args)
  deprecation_message unless args.empty?
end
sanitize_engaged?(message) click to toggle source

Will be called by the Hook to determine if an override should occur There are three ways SanitizeEmail can be turned on;

in order of precedence they are:
  1. SanitizeEmail.force_sanitize = true # by default it is nil

Only useful for local context.
Inside a method where you will be sending an email, set

  SanitizeEmail.force_sanitize = true

just prior to delivering it.  Also useful in the console.
  1. If SanitizeEmail seems to not be sanitizing,

    you have probably not registered the interceptor.
SanitizeEmail tries to do this for you.
*Note*: If you are working in an environment that has
        a Mail or Mailer class that uses the register_interceptor API,
        the interceptor will already have been registered.
The gem will probably have already done this for you,
but some really old versions of Rails may need you to do this manually:

  Mail.register_interceptor(SanitizeEmail::Bleach)

Once registered, SanitizeEmail needs to be engaged:

  # in config/initializers/sanitize_email.rb
  SanitizeEmail::Config.configure {|config| config[:engage] = true }
  1. SanitizeEmail::Config.configure do |config|

    config[:activation_proc] = Proc.new { true }
    

    end

If you don't need to compute anything,
  then don't use the Proc, go with the previous option.

Note: Number 1 is the method used by the SanitizeEmail.sanitary block Note: Number 2 You may need to setup your own register_interceptor

If installed but not configured, sanitize_email DOES NOTHING. Until configured the defaults leave it turned off.

# File lib/sanitize_email/bleach.rb, line 72
def self.sanitize_engaged?(message)
  # Don't sanitize the message if it will not be delivered
  return false unless message.perform_deliveries

  # Has it been forced via the force_sanitize mattr?
  forced = SanitizeEmail.force_sanitize
  return forced unless forced.nil?

  # Is this particular instance of Bleach engaged
  engaged = SanitizeEmail::Config.config[:engage]
  return engaged unless engaged.nil?

  # Should we sanitize due to the activation_proc?
  SanitizeEmail.activate?(message)
end

Private Instance Methods

deprecation_message() click to toggle source
# File lib/sanitize_email/bleach.rb, line 90
    def deprecation_message
      deprecation = <<~DEPRECATION
        SanitizeEmail:
          Passing arguments to SanitizeEmail::Bleach.new is deprecated.
          SanitizeEmail::Bleach.new now takes no arguments.
      DEPRECATION
      self.class.deprecation_warning_message(deprecation)
    end