aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--actionview/lib/action_view/helpers/sanitize_helper.rb11
-rw-r--r--actionview/lib/action_view/vendor/html-scanner.rb1
-rw-r--r--actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb14
3 files changed, 23 insertions, 3 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb
index 1acb8d5648..f205a988b4 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@@ -137,6 +137,11 @@ module ActionView
define_method("#{meth_name}=") { |value| imp.("#{meth_name}=") }
end
+ # A class to vendor out the full, link and white list sanitizers
+ # Can be set to either HTML::Scanner or HTML::Sanitizer
+ mattr_accessor :sanitizer_vendor
+ self.sanitizer_vendor = HTML::Scanner
+
def sanitized_allowed_tags
HTML::WhiteListSanitizer.allowed_tags
end
@@ -153,7 +158,7 @@ module ActionView
# end
#
def full_sanitizer
- @full_sanitizer ||= Rails::Html::FullSanitizer.new
+ @full_sanitizer ||= sanitizer_vendor.full_sanitizer.new
end
# Gets the Rails::Html::LinkSanitizer instance used by +strip_links+.
@@ -164,7 +169,7 @@ module ActionView
# end
#
def link_sanitizer
- @link_sanitizer ||= Rails::Html::LinkSanitizer.new
+ @link_sanitizer ||= sanitizer_vendor.link_sanitizer.new
end
# Gets the Rails::Html::WhiteListSanitizer instance used by sanitize and +sanitize_css+.
@@ -175,7 +180,7 @@ module ActionView
# end
#
def white_list_sanitizer
- @white_list_sanitizer ||= Rails::Html::WhiteListSanitizer.new
+ @white_list_sanitizer ||= sanitizer_vendor.white_list_sanitizer.new
end
# Replaces the allowed tags for the +sanitize+ helper.
diff --git a/actionview/lib/action_view/vendor/html-scanner.rb b/actionview/lib/action_view/vendor/html-scanner.rb
index fa31b5107b..e76e15a51b 100644
--- a/actionview/lib/action_view/vendor/html-scanner.rb
+++ b/actionview/lib/action_view/vendor/html-scanner.rb
@@ -7,6 +7,7 @@ module HTML
extend ActiveSupport::Autoload
eager_autoload do
+ autoload :Scanner, 'html/sanitizer'
autoload :CDATA, 'html/node'
autoload :Document, 'html/document'
autoload :FullSanitizer, 'html/sanitizer'
diff --git a/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb b/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb
index ed34eecf55..36ec3ef6b3 100644
--- a/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb
+++ b/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb
@@ -3,6 +3,20 @@ require 'cgi'
require 'active_support/core_ext/module/attribute_accessors'
module HTML
+ module Scanner
+ def full_sanitizer
+ HTML::FullSanitizer
+ end
+
+ def link_sanitizer
+ HTML::LinkSanitizer
+ end
+
+ def white_list_sanitizer
+ HTML::WhiteListSanitizer
+ end
+ end
+
class Sanitizer
def sanitize(text, options = {})
validate_options(options)
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-29 08:03:32 +0000