aboutsummaryrefslogtreecommitdiffstats
path: root/actionview
diff options
context:
space:
mode:
Diffstat (limited to 'actionview')
-rw-r--r--actionview/lib/action_view/helpers/sanitize_helper/scrubbers.rb27
1 files changed, 15 insertions, 12 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/scrubbers.rb b/actionview/lib/action_view/helpers/sanitize_helper/scrubbers.rb
index 4751d84688..3c8ed6f420 100644
--- a/actionview/lib/action_view/helpers/sanitize_helper/scrubbers.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper/scrubbers.rb
@@ -12,8 +12,11 @@
# Contain an elements allowed attributes.
# If none is set HTML5::Scrub.scrub_attributes implementation will be used.
#
-# Subclass PermitScrubber to provide your own definition of
-# when a node is allowed and how attributes should be scrubbed.
+# Subclass PermitScrubber to provide your own definition of:
+#
+# When a node is allowed via +allowed_node?+
+# When a node should be skipped via +should_skip_node?+
+# Which attributes should be scrubbed via +should_scrub_attributes?+
class PermitScrubber < Loofah::Scrubber
# :nodoc:
attr_reader :tags, :attributes
@@ -48,24 +51,24 @@ class PermitScrubber < Loofah::Scrubber
end
end
+ def should_skip_node?(node)
+ text_or_cdata_node?(node)
+ end
+
+ def should_scrub_attributes?(name)
+ @attributes.exclude?(name)
+ end
+
def scrub_attributes(node)
if @attributes
node.attributes.each do |name, _|
- node.remove_attribute(name) if should_remove_attributes?(name)
+ node.remove_attribute(name) if should_scrub_attributes?(name)
end
else
Loofah::HTML5::Scrub.scrub_attributes(node)
end
end
- def should_skip_node?(node)
- text_or_cdata_node?(node)
- end
-
- def should_remove_attributes?(name)
- @attributes.exclude?(name)
- end
-
def text_or_cdata_node?(node)
case node.type
when Nokogiri::XML::Node::TEXT_NODE, Nokogiri::XML::Node::CDATA_SECTION_NODE
@@ -95,7 +98,7 @@ class TargetScrubber < PermitScrubber
@tags.exclude?(node.name)
end
- def should_remove_attributes?(name)
+ def should_scrub_attributes?(name)
@attributes.include?(name)
end
end