File: //usr/lib/ruby/vendor_ruby/rails/deprecated_sanitizer.rb
require "rails/deprecated_sanitizer/version"
require "rails/deprecated_sanitizer/html-scanner"
require "rails/deprecated_sanitizer/railtie" if defined?(Rails::Railtie)
require "active_support/core_ext/module/remove_method"
module Rails
module DeprecatedSanitizer
extend self
def full_sanitizer
HTML::FullSanitizer
end
def link_sanitizer
HTML::LinkSanitizer
end
def white_list_sanitizer
HTML::WhiteListSanitizer
end
end
end
module ActionView
module Helpers
module SanitizeHelper
module ClassMethods
redefine_method :sanitizer_vendor do
Rails::DeprecatedSanitizer
end
redefine_method :sanitized_protocol_separator do
white_list_sanitizer.protocol_separator
end
redefine_method :sanitized_uri_attributes do
white_list_sanitizer.uri_attributes
end
redefine_method :sanitized_bad_tags do
white_list_sanitizer.bad_tags
end
redefine_method :sanitized_allowed_css_properties do
white_list_sanitizer.allowed_css_properties
end
redefine_method :sanitized_allowed_css_keywords do
white_list_sanitizer.allowed_css_keywords
end
redefine_method :sanitized_shorthand_css_properties do
white_list_sanitizer.shorthand_css_properties
end
redefine_method :sanitized_allowed_protocols do
white_list_sanitizer.allowed_protocols
end
redefine_method :sanitized_protocol_separator= do |value|
white_list_sanitizer.protocol_separator = value
end
# Adds valid HTML attributes that the +sanitize+ helper checks for URIs.
#
# class Application < Rails::Application
# config.action_view.sanitized_uri_attributes = 'lowsrc', 'target'
# end
#
redefine_method :sanitized_uri_attributes= do |attributes|
HTML::WhiteListSanitizer.uri_attributes.merge(attributes)
end
# Adds to the Set of 'bad' tags for the +sanitize+ helper.
#
# class Application < Rails::Application
# config.action_view.sanitized_bad_tags = 'embed', 'object'
# end
#
redefine_method :sanitized_bad_tags= do |attributes|
HTML::WhiteListSanitizer.bad_tags.merge(attributes)
end
# Adds to the Set of allowed tags for the +sanitize+ helper.
#
# class Application < Rails::Application
# config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td'
# end
#
redefine_method :sanitized_allowed_tags= do |attributes|
HTML::WhiteListSanitizer.allowed_tags.merge(attributes)
end
# Adds to the Set of allowed HTML attributes for the +sanitize+ helper.
#
# class Application < Rails::Application
# config.action_view.sanitized_allowed_attributes = ['onclick', 'longdesc']
# end
#
redefine_method :sanitized_allowed_attributes= do |attributes|
HTML::WhiteListSanitizer.allowed_attributes.merge(attributes)
end
# Adds to the Set of allowed CSS properties for the #sanitize and +sanitize_css+ helpers.
#
# class Application < Rails::Application
# config.action_view.sanitized_allowed_css_properties = 'expression'
# end
#
redefine_method :sanitized_allowed_css_properties= do |attributes|
HTML::WhiteListSanitizer.allowed_css_properties.merge(attributes)
end
# Adds to the Set of allowed CSS keywords for the +sanitize+ and +sanitize_css+ helpers.
#
# class Application < Rails::Application
# config.action_view.sanitized_allowed_css_keywords = 'expression'
# end
#
redefine_method :sanitized_allowed_css_keywords= do |attributes|
HTML::WhiteListSanitizer.allowed_css_keywords.merge(attributes)
end
# Adds to the Set of allowed shorthand CSS properties for the +sanitize+ and +sanitize_css+ helpers.
#
# class Application < Rails::Application
# config.action_view.sanitized_shorthand_css_properties = 'expression'
# end
#
redefine_method :sanitized_shorthand_css_properties= do |attributes|
HTML::WhiteListSanitizer.shorthand_css_properties.merge(attributes)
end
# Adds to the Set of allowed protocols for the +sanitize+ helper.
#
# class Application < Rails::Application
# config.action_view.sanitized_allowed_protocols = 'ssh', 'feed'
# end
#
redefine_method :sanitized_allowed_protocols= do |attributes|
HTML::WhiteListSanitizer.allowed_protocols.merge(attributes)
end
end
end
end
end