Diffstat (limited to 'actionpack/lib/action_view/helpers/sanitize_helper.rb')
-rw-r--r--actionpack/lib/action_view/helpers/sanitize_helper.rb12
1 files changed, 12 insertions, 0 deletions
diff --git a/actionpack/lib/action_view/helpers/sanitize_helper.rb b/actionpack/lib/action_view/helpers/sanitize_helper.rb
index ba74217c12..a727b910e5 100644
--- a/actionpack/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionpack/lib/action_view/helpers/sanitize_helper.rb
@@ -55,6 +55,7 @@ module ActionView
# resulting markup is valid (conforming to a document type) or even well-formed.
# The output may still contain e.g. unescaped '<', '>', '&' characters and
# confuse browsers.
+ #
def sanitize(html, options = {})
self.class.white_list_sanitizer.sanitize(html, options).try(:html_safe)
end
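Review bot: The comment block above `def sanitize` still says nothing about the `.try(:html_safe)` on the next line, which flags the returned string as html_safe so the view layer renders it without further escaping; the blank `#` line this commit adds is a natural place to state that. Suggested wording: `# The result is marked +html_safe+ (see +try(:html_safe)+ below), so templates will not escape it again.` The comment block begins before the start of this hunk.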
@@ -143,6 +144,7 @@ module ActionView
# class Application < Rails::Application
# config.action_view.full_sanitizer = MySpecialSanitizer.new
# end
+ #
def full_sanitizer
@full_sanitizer ||= HTML::FullSanitizer.new
end
@@ -153,6 +155,7 @@ module ActionView
# class Application < Rails::Application
# config.action_view.link_sanitizer = MySpecialSanitizer.new
# end
+ #
def link_sanitizer
@link_sanitizer ||= HTML::LinkSanitizer.new
end
@@ -163,6 +166,7 @@ module ActionView
# class Application < Rails::Application
# config.action_view.white_list_sanitizer = MySpecialSanitizer.new
# end
+ #
def white_list_sanitizer
@white_list_sanitizer ||= HTML::WhiteListSanitizer.new
end
@@ -172,6 +176,7 @@ module ActionView
# class Application < Rails::Application
# config.action_view.sanitized_uri_attributes = 'lowsrc', 'target'
# end
+ #
def sanitized_uri_attributes=(attributes)
HTML::WhiteListSanitizer.uri_attributes.merge(attributes)
end
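Review bot: `sanitized_uri_attributes=` is written like an assignment, but `HTML::WhiteListSanitizer.uri_attributes.merge(attributes)` adds the given values to the class-level set in place rather than replacing it, so the rdoc example `config.action_view.sanitized_uri_attributes = 'lowsrc', 'target'` reads as if it replaced the list when it actually widens a global setting. Since this commit is editing these comment blocks, the new blank `#` line could carry `# Note: the given values are added to the sanitizer's existing set; they do not replace it.` The same applies to the other `=` setters in this diff (sanitized_bad_tags=, sanitized_allowed_tags=, sanitized_allowed_attributes=, sanitized_allowed_css_properties=, sanitized_allowed_css_keywords=, sanitized_shorthand_css_properties=, sanitized_allowed_protocols=), all of which call `merge`.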
@@ -181,6 +186,7 @@ module ActionView
# class Application < Rails::Application
# config.action_view.sanitized_bad_tags = 'embed', 'object'
# end
+ #
def sanitized_bad_tags=(attributes)
HTML::WhiteListSanitizer.bad_tags.merge(attributes)
end
@@ -190,6 +196,7 @@ module ActionView
# class Application < Rails::Application
# config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td'
# end
+ #
def sanitized_allowed_tags=(attributes)
HTML::WhiteListSanitizer.allowed_tags.merge(attributes)
end
@@ -199,6 +206,7 @@ module ActionView
# class Application < Rails::Application
# config.action_view.sanitized_allowed_attributes = 'onclick', 'longdesc'
# end
+ #
def sanitized_allowed_attributes=(attributes)
HTML::WhiteListSanitizer.allowed_attributes.merge(attributes)
end
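Review bot: The rdoc example `config.action_view.sanitized_allowed_attributes = 'onclick', 'longdesc'` allow-lists an inline event-handler attribute, which is the class of attribute a white-list sanitizer strips to prevent script injection; documentation being touched by this commit should not model that configuration. Suggest `config.action_view.sanitized_allowed_attributes = 'longdesc', 'summary'`. The `'expression'` examples for sanitized_allowed_css_properties and sanitized_allowed_css_keywords in the next two hunks have the same problem, since CSS `expression()` is a legacy script-execution vector and is presumably excluded from the default allow lists for that reason; a harmless property such as `'text-shadow'` would illustrate the setting just as well.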
@@ -208,6 +216,7 @@ module ActionView
# class Application < Rails::Application
# config.action_view.sanitized_allowed_css_properties = 'expression'
# end
+ #
def sanitized_allowed_css_properties=(attributes)
HTML::WhiteListSanitizer.allowed_css_properties.merge(attributes)
end
@@ -217,6 +226,7 @@ module ActionView
# class Application < Rails::Application
# config.action_view.sanitized_allowed_css_keywords = 'expression'
# end
+ #
def sanitized_allowed_css_keywords=(attributes)
HTML::WhiteListSanitizer.allowed_css_keywords.merge(attributes)
end
@@ -226,6 +236,7 @@ module ActionView
# class Application < Rails::Application
# config.action_view.sanitized_shorthand_css_properties = 'expression'
# end
+ #
def sanitized_shorthand_css_properties=(attributes)
HTML::WhiteListSanitizer.shorthand_css_properties.merge(attributes)
end
@@ -235,6 +246,7 @@ module ActionView
# class Application < Rails::Application
# config.action_view.sanitized_allowed_protocols = 'ssh', 'feed'
# end
+ #
def sanitized_allowed_protocols=(attributes)
HTML::WhiteListSanitizer.allowed_protocols.merge(attributes)
end