diff options
| author | Javan Makhmali <javan@javan.us> | 2018-10-03 17:49:32 -0400 |
|---|---|---|
| committer | Javan Makhmali <javan@javan.us> | 2018-10-03 17:49:32 -0400 |
| commit | 598ef2ee82a4c502deba678ed9191f5f40930132 (patch) | |
| tree | 1f23eb17e371230f6e1f82fd6504a87d4bfc7aab /app | |
| parent | aa1d46389a8cc9635f4354b3e7be70a8361ed7ed (diff) | |
| download | rails-598ef2ee82a4c502deba678ed9191f5f40930132.tar.gz rails-598ef2ee82a4c502deba678ed9191f5f40930132.tar.bz2 rails-598ef2ee82a4c502deba678ed9191f5f40930132.zip | |
Customize tag and attribute sanitization
Fixes #6
Diffstat (limited to 'app')
| -rw-r--r-- | app/helpers/action_text/content_helper.rb | 6 | ||||
| -rw-r--r-- | app/views/action_text/content/_layout.html.erb | 2 |
2 files changed, 6 insertions, 2 deletions
diff --git a/app/helpers/action_text/content_helper.rb b/app/helpers/action_text/content_helper.rb index 6d00eee648..d6ced93502 100644 --- a/app/helpers/action_text/content_helper.rb +++ b/app/helpers/action_text/content_helper.rb @@ -18,7 +18,11 @@ module ActionText end.chomp end - content.to_html + sanitize content.to_html, tags: ActionText::ALLOWED_TAGS, attributes: ActionText::ALLOWED_ATTRIBUTES end end + + SANITIZER = Rails::Html::Sanitizer.white_list_sanitizer + ALLOWED_TAGS = SANITIZER.allowed_tags + [ ActionText::Attachment::TAG_NAME, "figure", "figcaption" ] + ALLOWED_ATTRIBUTES = SANITIZER.allowed_attributes + ActionText::Attachment::ATTRIBUTES end diff --git a/app/views/action_text/content/_layout.html.erb b/app/views/action_text/content/_layout.html.erb index 60d65cd0d5..55cb708ac4 100644 --- a/app/views/action_text/content/_layout.html.erb +++ b/app/views/action_text/content/_layout.html.erb @@ -1,3 +1,3 @@ <div class="trix-content"> - <%= sanitize render_action_text_content(content) %> + <%= render_action_text_content(content) %> </div> |