module Rails::HTML::Concern::Scrubber::SafeList
Constants
- DEFAULT_ALLOWED_ATTRIBUTES
The default safe list for attributes
- DEFAULT_ALLOWED_TAGS
The default safe list for tags
Public Class Methods
included(klass)
# File lib/rails/html/sanitizer.rb, line 141
# Hook invoked with the class that mixes this concern in. It gives +klass+
# class-level +allowed_tags+ / +allowed_attributes+ accessors and seeds them
# from the default safe lists.
#
# The defaults are copied with +dup+, so each including class starts with its
# own top-level list object rather than a reference to the shared constant.
# The accessors are writable and class-wide: assigning to or mutating a list
# changes what every instance of that class falls back to, so treat those
# writes as configuration and keep request-derived data out of them.
def self.included(klass)
  klass.singleton_class.class_eval do
    attr_accessor :allowed_tags, :allowed_attributes
  end

  klass.allowed_tags = DEFAULT_ALLOWED_TAGS.dup
  klass.allowed_attributes = DEFAULT_ALLOWED_ATTRIBUTES.dup
end
new(prune: false)
# File lib/rails/html/sanitizer.rb, line 151
# Builds the one PermitScrubber this sanitizer instance keeps for its
# lifetime; #scrub reconfigures and reuses it on each safe-list call.
#
# prune - forwarded unchanged to PermitScrubber.new; its effect is defined
#         there, not in this method.
def initialize(prune: false)
  @permit_scrubber = PermitScrubber.new(prune: prune)
end
Public Instance Methods
sanitize_css(style_string)
# File lib/rails/html/sanitizer.rb, line 168
# Hands +style_string+ to Loofah's CSS scrubber and returns whatever it
# returns. No filtering happens in this method itself.
# NOTE(review): which properties and values survive is decided by the
# installed Loofah version - confirm against that release before relying on
# this for untrusted style attributes.
def sanitize_css(style_string)
  Loofah::HTML5::Scrub.scrub_css(style_string)
end
scrub(fragment, options = {})
# File lib/rails/html/sanitizer.rb, line 155
# Scrubs +fragment+ in place with +scrub!+ and returns that call's result.
#
# Which scrubber runs, highest precedence first:
# 1. options[:scrubber] - used as given. The tag/attribute safe lists are not
#    consulted on this path, so that scrubber alone decides what survives.
# 2. The shared permit scrubber, loaded with the lists that allowed_tags and
#    allowed_attributes resolve for this call.
# 3. Loofah's built-in :strip scrubber, only when both lists resolve to
#    nil/false.
#
# An empty Array is truthy in Ruby, so an empty list still selects path 2.
# NOTE(review): allowed_tags is defined outside this listing; presumably it
# mirrors allowed_attributes (per-call option first, class-level list second)
# - confirm. On that reading, options[:tags] / options[:attributes] replace
# the class safe list for the call and should not be built from request data.
def scrub(fragment, options = {})
  custom_scrubber = options[:scrubber]
  # No duck typing here: Loofah itself enforces that this is a
  # Loofah::Scrubber subclass.
  return fragment.scrub!(custom_scrubber) if custom_scrubber

  return fragment.scrub!(:strip) unless allowed_tags(options) || allowed_attributes(options)

  # @permit_scrubber is the single object created in initialize; it is
  # rewritten on every call that reaches this point.
  # NOTE(review): if one sanitizer instance is shared between threads that
  # pass different lists, these two writes could interleave - confirm how
  # callers share instances.
  @permit_scrubber.tags = allowed_tags(options)
  @permit_scrubber.attributes = allowed_attributes(options)
  fragment.scrub!(@permit_scrubber)
end
Private Instance Methods
allowed_attributes(options)
# File lib/rails/html/sanitizer.rb, line 177
# Resolves the attribute safe list for one call: a truthy options[:attributes]
# wins outright, otherwise the class-level allowed_attributes is used.
#
# The per-call value replaces the class list rather than narrowing it, so a
# caller can allow attributes the class default would have removed.
def allowed_attributes(options)
  per_call = options[:attributes]
  return per_call if per_call

  self.class.allowed_attributes
end