From 598ef2ee82a4c502deba678ed9191f5f40930132 Mon Sep 17 00:00:00 2001
From: Javan Makhmali
Date: Wed, 3 Oct 2018 17:49:32 -0400
Subject: Customize tag and attribute sanitization

Fixes #6
---
 app/helpers/action_text/content_helper.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'app/helpers')

diff --git a/app/helpers/action_text/content_helper.rb b/app/helpers/action_text/content_helper.rb
index 6d00eee648..d6ced93502 100644
--- a/app/helpers/action_text/content_helper.rb
+++ b/app/helpers/action_text/content_helper.rb
@@ -18,7 +18,11 @@ module ActionText
 end.chomp
 end
 
- content.to_html
+ sanitize content.to_html, tags: ActionText::ALLOWED_TAGS, attributes: ActionText::ALLOWED_ATTRIBUTES
 end
 end
+
+ SANITIZER = Rails::Html::Sanitizer.white_list_sanitizer
+ ALLOWED_TAGS = SANITIZER.allowed_tags + [ ActionText::Attachment::TAG_NAME, "figure", "figcaption" ]
+ ALLOWED_ATTRIBUTES = SANITIZER.allowed_attributes + ActionText::Attachment::ATTRIBUTES
 end
--
cgit v1.2.3
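Review bot: The allow-lists added at the end of the hunk are unfrozen constants, so any code holding a reference to `ActionText::ALLOWED_TAGS` or `ActionText::ALLOWED_ATTRIBUTES` can append to them and silently widen what the new `sanitize` call lets through; freezing them turns the lists into a fixed contract, e.g. `ALLOWED_TAGS = (SANITIZER.allowed_tags + [ ActionText::Attachment::TAG_NAME, "figure", "figcaption" ]).freeze` and `ALLOWED_ATTRIBUTES = (SANITIZER.allowed_attributes + ActionText::Attachment::ATTRIBUTES).freeze`. Permitting the whole of `ActionText::Attachment::ATTRIBUTES` also deserves a comment confirming that none of those attributes carries a URL that is later rendered as a link or source, because, as far as I recall, the sanitizer's protocol filtering applies only to attributes it already knows as URI-valued, so a URL-like value in an attachment-specific attribute would not be checked by this call. A short comment above the constants such as `# Trix attachments need the attachment tag plus figure/figcaption to survive sanitization` would record why the defaults are extended. The method that now calls `sanitize` begins before this hunk.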