module Sanitize::Rails::Engine
Public Instance Methods
clean(string)
Returns a copy of the given `string` after sanitizing it and marking it as `html_safe`.
Ensuring this method returns an instance of ActiveSupport::SafeBuffer means that text passed through `Sanitize::Rails::Engine.clean` will not be escaped again by ActionView's XSS filtering utilities. The result is therefore only as safe as the configured allowlist: anything the `:entities_whitelist` decodes back into markup characters after sanitization reaches the rendered page unescaped.

    # File lib/sanitize/rails/engine.rb, line 57
    def clean(string)
      ::ActiveSupport::SafeBuffer.new cleaned_fragment(string)
    end
clean!(string)
Sanitizes the given `string` in place and does NOT mark it as `html_safe`. Returns an empty string when `string` is nil; otherwise the caller's own string is overwritten with the sanitized fragment via String#replace (so a frozen string cannot be cleaned in place) and returned.

    # File lib/sanitize/rails/engine.rb, line 63
    def clean!(string)
      return '' if string.nil?
      string.replace cleaned_fragment(string)
    end
cleaner()
Returns a memoized ::Sanitize instance built from the configuration passed to the configure method, or from ActionView's default configuration when configure has not been called.

    # File lib/sanitize/rails/engine.rb, line 47
    def cleaner
      @_cleaner ||= ::Sanitize.new(config)
    end
config()
Returns the current Sanitize configuration. When configure has not been called it defaults to ActionView's allowed tags, attributes and protocols, with an empty `:entities_whitelist`. The hash is memoized, so the ActionView defaults are read once, on first use.

    # File lib/sanitize/rails/engine.rb, line 27
    def config
      @_config ||= {
        :elements   => ::ActionView::Base.sanitized_allowed_tags.to_a,
        :attributes => { :all => ::ActionView::Base.sanitized_allowed_attributes.to_a },
        :protocols  => { :all => ::ActionView::Base.sanitized_allowed_protocols.to_a },
        :entities_whitelist => {}
      }
    end
configure(config)
Changes the Sanitizer configuration. The given hash replaces the default configuration entirely (it is not merged with it), is frozen, and the memoized cleaner is discarded so that the next call rebuilds it from the new configuration.

    # File lib/sanitize/rails/engine.rb, line 8
    def configure(config)
      @_config = config.freeze
      @_cleaner = nil
    end
Private Instance Methods
cleaned_fragment(string)
Runs the string through the Sanitize instance and then, if an `:entities_whitelist` is configured, replaces each listed entity with its decoded value. Note the order: decoding happens after sanitization, so a whitelist entry whose decoded value is `<`, `>`, `&` or a quote reintroduces exactly the characters Sanitize has just escaped.

    # File lib/sanitize/rails/engine.rb, line 92
    def cleaned_fragment(string)
      sanitized_string = cleaner.fragment(string)
      if @_config[:entities_whitelist].present?
        sanitized_string = decode_whitelisted_entities(sanitized_string)
      end
      return sanitized_string
    end
decode_whitelisted_entities(string)
Performs a literal, global, in-place substitution of each whitelisted entity with its decoded value and returns the mutated string. No escaping or validation is applied to the decoded values.

    # File lib/sanitize/rails/engine.rb, line 84
    def decode_whitelisted_entities(string)
      @_config[:entities_whitelist].each do |entity, decoded_value|
        string.gsub!(entity.to_s, decoded_value.to_s)
      end
      string
    end