aboutsummaryrefslogtreecommitdiffstats
path: root/actionview/lib/action_view/helpers/sanitize_helper.rb
diff options
context:
space:
mode:
authorTimm <kaspth@gmail.com>2014-05-23 23:21:01 +0200
committerTimm <kaspth@gmail.com>2014-06-16 21:04:23 +0200
commit427f3f90d4b20260a6de0990b05b74784a457ff0 (patch)
tree230325e48b0aa7ccb4d451a1d0d803acdf84f07a /actionview/lib/action_view/helpers/sanitize_helper.rb
parent5d3a29229ba0a52c78d13aad99ac508f96778d77 (diff)
downloadrails-427f3f90d4b20260a6de0990b05b74784a457ff0.tar.gz
rails-427f3f90d4b20260a6de0990b05b74784a457ff0.tar.bz2
rails-427f3f90d4b20260a6de0990b05b74784a457ff0.zip
Add a layer of indirection making sanitizers pluggable.
Diffstat (limited to 'actionview/lib/action_view/helpers/sanitize_helper.rb')
-rw-r--r--actionview/lib/action_view/helpers/sanitize_helper.rb11
1 files changed, 8 insertions, 3 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb
index 1acb8d5648..f205a988b4 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@@ -137,6 +137,11 @@ module ActionView
define_method("#{meth_name}=") { |value| imp.("#{meth_name}=") }
end
+ # A class to vendor out the full, link and white list sanitizers
+ # Can be set to either HTML::Scanner or HTML::Sanitizer
+ mattr_accessor :sanitizer_vendor
+ self.sanitizer_vendor = HTML::Scanner
+
def sanitized_allowed_tags
HTML::WhiteListSanitizer.allowed_tags
end
@@ -153,7 +158,7 @@ module ActionView
# end
#
def full_sanitizer
- @full_sanitizer ||= Rails::Html::FullSanitizer.new
+ @full_sanitizer ||= sanitizer_vendor.full_sanitizer.new
end
# Gets the Rails::Html::LinkSanitizer instance used by +strip_links+.
@@ -164,7 +169,7 @@ module ActionView
# end
#
def link_sanitizer
- @link_sanitizer ||= Rails::Html::LinkSanitizer.new
+ @link_sanitizer ||= sanitizer_vendor.link_sanitizer.new
end
# Gets the Rails::Html::WhiteListSanitizer instance used by sanitize and +sanitize_css+.
@@ -175,7 +180,7 @@ module ActionView
# end
#
def white_list_sanitizer
- @white_list_sanitizer ||= Rails::Html::WhiteListSanitizer.new
+ @white_list_sanitizer ||= sanitizer_vendor.white_list_sanitizer.new
end
# Replaces the allowed tags for the +sanitize+ helper.