author | Timm <kaspth@gmail.com> | 2014-05-23 23:21:01 +0200 |
---|---|---|
committer | Timm <kaspth@gmail.com> | 2014-06-16 21:04:23 +0200 |
commit | 427f3f90d4b20260a6de0990b05b74784a457ff0 (patch) | |
tree | 230325e48b0aa7ccb4d451a1d0d803acdf84f07a /actionview/lib/action_view/helpers/sanitize_helper.rb | |
parent | 5d3a29229ba0a52c78d13aad99ac508f96778d77 (diff) | |
Add a layer of indirection making sanitizers pluggable.
Diffstat (limited to 'actionview/lib/action_view/helpers/sanitize_helper.rb')
-rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper.rb | 11 |
1 files changed, 8 insertions, 3 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb
index 1acb8d5648..f205a988b4 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@@ -137,6 +137,11 @@ module ActionView
 define_method("#{meth_name}=") { |value| imp.("#{meth_name}=") }
 end

+ # A class to vendor out the full, link and white list sanitizers
+ # Can be set to either HTML::Scanner or HTML::Sanitizer
+ mattr_accessor :sanitizer_vendor
+ self.sanitizer_vendor = HTML::Scanner
+
 def sanitized_allowed_tags
 HTML::WhiteListSanitizer.allowed_tags
 end
@@ -153,7 +158,7 @@ module ActionView
 # end
 #
 def full_sanitizer
- @full_sanitizer ||= Rails::Html::FullSanitizer.new
+ @full_sanitizer ||= sanitizer_vendor.full_sanitizer.new
 end

 # Gets the Rails::Html::LinkSanitizer instance used by +strip_links+.
@@ -164,7 +169,7 @@ module ActionView
 # end
 #
 def link_sanitizer
- @link_sanitizer ||= Rails::Html::LinkSanitizer.new
+ @link_sanitizer ||= sanitizer_vendor.link_sanitizer.new
 end

 # Gets the Rails::Html::WhiteListSanitizer instance used by sanitize and +sanitize_css+.
@@ -175,7 +180,7 @@ module ActionView
 # end
 #
 def white_list_sanitizer
- @white_list_sanitizer ||= Rails::Html::WhiteListSanitizer.new
+ @white_list_sanitizer ||= sanitizer_vendor.white_list_sanitizer.new
 end

 # Replaces the allowed tags for the +sanitize+ helper. |
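Review bot: `sanitized_allowed_tags`, on the context lines that close the first hunk, still reads `HTML::WhiteListSanitizer.allowed_tags` although the sanitizer instance is now built from `sanitizer_vendor.white_list_sanitizer` (last hunk). With a non-default vendor, the allow-list reported here may therefore not be the one the active sanitizer enforces. Consider `sanitizer_vendor.white_list_sanitizer.allowed_tags`, assuming the vendor's class exposes that reader; the rest of the module is outside the hunk, so other `sanitized_*` readers may need the same change. The new comment should also state the contract a vendor must meet, for example `# Must respond to full_sanitizer, link_sanitizer and white_list_sanitizer, each returning a class.`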
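Review bot: `@full_sanitizer ||=` in the second hunk memoizes the instance, so assigning `sanitizer_vendor` after the first call to `full_sanitizer` has no effect and raises no error; the same holds for `link_sanitizer` and `white_list_sanitizer` in the next two hunks. An application that switches vendors late would believe output is filtered by the new sanitizer while the previously built one is still in use. Either document the ordering on the accessor, `# Set before the first sanitizer is built; instances are memoized.`, or clear the three instance variables in a custom writer. The doc comments above these methods start outside the hunks and still name fixed `Rails::Html::*` classes, which the indirection no longer guarantees.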