authorTimm <kaspth@gmail.com>2014-05-23 23:21:01 +0200
committerTimm <kaspth@gmail.com>2014-06-16 21:04:23 +0200
commit427f3f90d4b20260a6de0990b05b74784a457ff0 (patch)
tree230325e48b0aa7ccb4d451a1d0d803acdf84f07a /actionview/lib
parent5d3a29229ba0a52c78d13aad99ac508f96778d77 (diff)
Add a layer of indirection making sanitizers pluggable.
Diffstat (limited to 'actionview/lib')
-rw-r--r--actionview/lib/action_view/helpers/sanitize_helper.rb11
-rw-r--r--actionview/lib/action_view/vendor/html-scanner.rb1
-rw-r--r--actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb14
3 files changed, 23 insertions, 3 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb
index 1acb8d5648..f205a988b4 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@@ -137,6 +137,11 @@ module ActionView
define_method("#{meth_name}=") { |value| imp.("#{meth_name}=") }
end
+ # A class to vendor out the full, link and white list sanitizers
+ # Can be set to either HTML::Scanner or HTML::Sanitizer
+ mattr_accessor :sanitizer_vendor
+ self.sanitizer_vendor = HTML::Scanner
+
def sanitized_allowed_tags
HTML::WhiteListSanitizer.allowed_tags
end
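Review bot: The comment on the new `sanitizer_vendor` accessor is misleading on both counts: `HTML::Scanner` is a module, not a class (third file of this commit), and `HTML::Sanitizer` is the base sanitizer class in the same vendored file, which does not define `full_sanitizer`/`link_sanitizer`/`white_list_sanitizer` — presumably `Rails::Html::Sanitizer` (the namespace the removed lines referenced) was meant. Suggest `# Object that vends the full, link and white-list sanitizer classes.` / `# Must respond to full_sanitizer, link_sanitizer and white_list_sanitizer; defaults to HTML::Scanner.` A second point is that `sanitized_allowed_tags` directly below still reads `HTML::WhiteListSanitizer.allowed_tags`, so once the vendor is switched the tag and attribute configuration exposed by this helper is applied to a class the active `white_list_sanitizer` no longer uses; routing it through `sanitizer_vendor.white_list_sanitizer.allowed_tags` keeps the configured white list and the sanitizer in use in step. The matching writers for allowed tags and attributes sit outside this hunk and would need the same treatment.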
@@ -153,7 +158,7 @@ module ActionView
# end
#
def full_sanitizer
- @full_sanitizer ||= Rails::Html::FullSanitizer.new
+ @full_sanitizer ||= sanitizer_vendor.full_sanitizer.new
end
# Gets the Rails::Html::LinkSanitizer instance used by +strip_links+.
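Review bot: `sanitizer_vendor.full_sanitizer.new` raises NoMethodError with the default vendor as this commit stands, because `HTML::Scanner` (third file of the commit) defines `full_sanitizer`, `link_sanitizer` and `white_list_sanitizer` as plain instance methods of a module, and as far as the diff shows nothing extends or includes it, so they are not callable on the `HTML::Scanner` constant. The same applies to the `link_sanitizer` and `white_list_sanitizer` hunks below. The smallest fix is in the module itself: `extend self` as the first line of `module Scanner` (or `module_function` after the three definitions), which makes the lookups callable on the module object. Note also that `@full_sanitizer ||=` memoizes per helper instance, so a `sanitizer_vendor` reassigned after the first call is not picked up by that instance; worth stating in the method's comment.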
@@ -164,7 +169,7 @@ module ActionView
# end
#
def link_sanitizer
- @link_sanitizer ||= Rails::Html::LinkSanitizer.new
+ @link_sanitizer ||= sanitizer_vendor.link_sanitizer.new
end
# Gets the Rails::Html::WhiteListSanitizer instance used by sanitize and +sanitize_css+.
@@ -175,7 +180,7 @@ module ActionView
# end
#
def white_list_sanitizer
- @white_list_sanitizer ||= Rails::Html::WhiteListSanitizer.new
+ @white_list_sanitizer ||= sanitizer_vendor.white_list_sanitizer.new
end
# Replaces the allowed tags for the +sanitize+ helper.
diff --git a/actionview/lib/action_view/vendor/html-scanner.rb b/actionview/lib/action_view/vendor/html-scanner.rb
index fa31b5107b..e76e15a51b 100644
--- a/actionview/lib/action_view/vendor/html-scanner.rb
+++ b/actionview/lib/action_view/vendor/html-scanner.rb
@@ -7,6 +7,7 @@ module HTML
extend ActiveSupport::Autoload
eager_autoload do
+ autoload :Scanner, 'html/sanitizer'
autoload :CDATA, 'html/node'
autoload :Document, 'html/document'
autoload :FullSanitizer, 'html/sanitizer'
diff --git a/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb b/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb
index ed34eecf55..36ec3ef6b3 100644
--- a/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb
+++ b/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb
@@ -3,6 +3,20 @@ require 'cgi'
require 'active_support/core_ext/module/attribute_accessors'
module HTML
+ module Scanner
+ def full_sanitizer
+ HTML::FullSanitizer
+ end
+
+ def link_sanitizer
+ HTML::LinkSanitizer
+ end
+
+ def white_list_sanitizer
+ HTML::WhiteListSanitizer
+ end
+ end
+
class Sanitizer
def sanitize(text, options = {})
validate_options(options)
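Review bot: The new `HTML::Scanner` module carries no comment stating the contract a vendor has to satisfy, which matters because `SanitizeHelper.sanitizer_vendor` accepts any object and the classes it returns are instantiated with no arguments and then handed untrusted markup. Suggest a header comment above `module Scanner` along the lines of `# Default sanitizer vendor for ActionView::Helpers::SanitizeHelper. Each lookup returns a class whose instances are built with no arguments and respond to #sanitize(text, options).` The `sanitize(text, options)` signature is inferred from `Sanitizer#sanitize` at the end of this hunk; confirm it holds for the link and white-list classes. `class Sanitizer` continues past the end of the hunk.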