diff options
Diffstat (limited to 'actionview/lib')
-rw-r--r-- | actionview/lib/action_view/base.rb | 6 | ||||
-rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper.rb | 32 |
2 files changed, 14 insertions, 24 deletions
diff --git a/actionview/lib/action_view/base.rb b/actionview/lib/action_view/base.rb index 86c55ffb51..d1bade0d3d 100644 --- a/actionview/lib/action_view/base.rb +++ b/actionview/lib/action_view/base.rb @@ -10,8 +10,10 @@ require 'action_view/lookup_context' module ActionView #:nodoc: # = Action View Base # - # Action View templates can be written in several ways. If the template file has a <tt>.erb</tt> extension then it uses a mixture of ERB - # (included in Ruby) and HTML. If the template file has a <tt>.builder</tt> extension then Jim Weirich's Builder::XmlMarkup library is used. + # Action View templates can be written in several ways. + # If the template file has a <tt>.erb</tt> extension, then it uses the erubis[https://rubygems.org/gems/erubis] + # template system which can embed Ruby into an HTML document. + # If the template file has a <tt>.builder</tt> extension, then Jim Weirich's Builder::XmlMarkup library is used. # # == ERB # diff --git a/actionview/lib/action_view/helpers/sanitize_helper.rb b/actionview/lib/action_view/helpers/sanitize_helper.rb index dfbc52e3ac..394250f058 100644 --- a/actionview/lib/action_view/helpers/sanitize_helper.rb +++ b/actionview/lib/action_view/helpers/sanitize_helper.rb @@ -121,22 +121,6 @@ module ActionView module ClassMethods #:nodoc: attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer - [:protocol_separator, - :uri_attributes, - :bad_tags, - :allowed_css_properties, - :allowed_css_keywords, - :shorthand_css_properties, - :allowed_protocols].each do |meth| - meth_name = "sanitized_#{meth}" - imp = lambda do |name| - ActiveSupport::Deprecation.warn("#{name} is deprecated and has no effect.") - end - - define_method(meth_name) { imp.(meth_name) } - define_method("#{meth_name}=") { |value| imp.("#{meth_name}=") } - end - # Vendors the full, link and white list sanitizers. # This uses html-scanner for the HTML sanitization. # In the next Rails version this will use Rails::Html::Sanitizer instead. @@ -189,25 +173,29 @@ module ActionView @white_list_sanitizer ||= sanitizer_vendor.white_list_sanitizer.new end + ## + # :method: sanitized_allowed_tags= + # + # :call-seq: sanitized_allowed_tags=(tags) + # # Replaces the allowed tags for the +sanitize+ helper. # # class Application < Rails::Application # config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td' # end # - def sanitized_allowed_tags=(tags) - sanitizer_vendor.white_list_sanitizer.allowed_tags = tags - end + ## + # :method: sanitized_allowed_attributes= + # + # :call-seq: sanitized_allowed_attributes=(attributes) + # # Replaces the allowed HTML attributes for the +sanitize+ helper. # # class Application < Rails::Application # config.action_view.sanitized_allowed_attributes = ['onclick', 'longdesc'] # end # - def sanitized_allowed_attributes=(attributes) - sanitizer_vendor.white_list_sanitizer.allowed_attributes = attributes - end end end end |