authorJavan Makhmali <javan@javan.us>2019-04-22 10:08:15 -0400
committerJavan Makhmali <javan@javan.us>2019-04-22 10:15:25 -0400
commit0ec2a907545e47f816993b9fd8cabb552454b1a2 (patch)
tree236ae305e2042c41505bee1e9ac168ff8d889b86 /actiontext/app
parent5454cc40c5de850db7dfcef1e97f30c255299f22 (diff)
Make Action Text's rendering helpers more configurable
- Allow configuring the sanitizer and its options - Split attachment rendering and sanitizing helpers so each can be overridden by applications
Diffstat (limited to 'actiontext/app')
-rw-r--r--actiontext/app/helpers/action_text/content_helper.rb23
1 files changed, 14 insertions, 9 deletions
diff --git a/actiontext/app/helpers/action_text/content_helper.rb b/actiontext/app/helpers/action_text/content_helper.rb
index 2005033d5c..ed2887d865 100644
--- a/actiontext/app/helpers/action_text/content_helper.rb
+++ b/actiontext/app/helpers/action_text/content_helper.rb
@@ -4,20 +4,27 @@ require "rails-html-sanitizer"
module ActionText
module ContentHelper
- SANITIZER = Rails::Html::Sanitizer.white_list_sanitizer
- ALLOWED_TAGS = SANITIZER.allowed_tags + [ ActionText::Attachment::TAG_NAME, "figure", "figcaption" ]
- ALLOWED_ATTRIBUTES = SANITIZER.allowed_attributes + ActionText::Attachment::ATTRIBUTES
+ mattr_accessor(:sanitizer) { Rails::Html::Sanitizer.white_list_sanitizer.new }
+ mattr_accessor(:allowed_tags) { sanitizer.class.allowed_tags + [ ActionText::Attachment::TAG_NAME, "figure", "figcaption" ] }
+ mattr_accessor(:allowed_attributes) { sanitizer.class.allowed_attributes + ActionText::Attachment::ATTRIBUTES }
+ mattr_accessor(:scrubber)
def render_action_text_content(content)
- content = content.render_attachments do |attachment|
+ sanitize_action_text_content(render_action_text_attachments(content))
+ end
+
+ def sanitize_action_text_content(content)
+ sanitizer.sanitize(content.to_html, tags: allowed_tags, attributes: allowed_attributes, scrubber: scrubber).html_safe
+ end
+
+ def render_action_text_attachments(content)
+ content.render_attachments do |attachment|
unless attachment.in?(content.gallery_attachments)
attachment.node.tap do |node|
node.inner_html = render(attachment, in_gallery: false).chomp
end
end
- end
-
- content = content.render_attachment_galleries do |attachment_gallery|
+ end.render_attachment_galleries do |attachment_gallery|
render(layout: attachment_gallery, object: attachment_gallery) do
attachment_gallery.attachments.map do |attachment|
attachment.node.inner_html = render(attachment, in_gallery: true).chomp
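Review bot: In `sanitize_action_text_content` the new `scrubber` option is passed together with `tags:` and `attributes:`, but rails-html-sanitizer's safe-list sanitizer applies a supplied scrubber instead of its permit lists, so once an application sets `scrubber` the `allowed_tags` and `allowed_attributes` values appear to be ignored. The result is then marked `.html_safe` unconditionally, so a replacement `sanitizer` or `scrubber` becomes the entire XSS boundary for rich-text output. I would document that above the accessors, e.g. `# Setting scrubber bypasses allowed_tags/allowed_attributes; a custom sanitizer or scrubber must strip all unsafe markup, since the result is marked html_safe.` It is also worth a comment on `render_action_text_attachments` that its return value is unsanitized and has to pass through `sanitize_action_text_content` before it is output; that method's body continues past this hunk.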
@@ -25,8 +32,6 @@ module ActionText
end.join("").html_safe
end.chomp
end
-
- sanitize content.to_html, tags: ALLOWED_TAGS, attributes: ALLOWED_ATTRIBUTES
end
end
end