class HTMLPipeline::SanitizationFilter
A special filter with sanitization routines and allowlists. This module defines what HTML is allowed in user-provided content and fixes up issues with unbalanced tags and whatnot.
See the Selma docs for more information on the underlying library:
github.com/gjtorikian/selma/#readme
This filter does not write additional information to the context.
Constants
- DEFAULT_CONFIG
The main sanitization allowlist. Only these elements and attributes are allowed through by default.
- VALID_PROTOCOLS
Public Class Methods
call(html, config)
# File lib/html_pipeline/sanitization_filter.rb, line 181
def call(html, config)
  raise ArgumentError, "html must be a String, not #{html.class}" unless html.is_a?(String)
  raise ArgumentError, "config must be a Hash, not #{config.class}" unless config.is_a?(Hash)

  sanitization_config = Selma::Sanitizer.new(config)
  Selma::Rewriter.new(sanitizer: sanitization_config).rewrite(html)
end
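One way to review a custom allowlist before passing it as `config` to `call`. This is an added example, not code from html-pipeline or Selma: `audit_allowlist`, the risk lists and both sample configs are hypothetical, and the `:elements` / `:attributes` / `:protocols` key layout is assumed from the Selma README.

```ruby
# Added example: audit a sanitizer allowlist before it is handed to
# HTMLPipeline::SanitizationFilter.call(html, config).
# ASSUMPTION: config uses the :elements / :attributes / :protocols keys
# described in the Selma README; audit_allowlist is a hypothetical helper.
RISKY_ELEMENTS  = %w[script style iframe object embed form base meta link].freeze
URL_ATTRIBUTES  = %w[href src cite action formaction poster longdesc].freeze
RISKY_PROTOCOLS = %w[javascript data vbscript].freeze

def audit_allowlist(config)
  raise ArgumentError, "config must be a Hash, not #{config.class}" unless config.is_a?(Hash)

  findings   = []
  elements   = Array(config[:elements]).map(&:to_s)
  attributes = config[:attributes] || {}
  protocols  = config[:protocols] || {}

  (elements & RISKY_ELEMENTS).each { |el| findings << "element <#{el}> is allowed" }

  attributes.each do |element, attrs|
    Array(attrs).map(&:to_s).each do |attr|
      if attr.downcase.start_with?("on")
        findings << "#{element}: event handler attribute #{attr} is allowed"
      elsif attr.casecmp?("style")
        findings << "#{element}: inline style attribute is allowed"
      elsif URL_ATTRIBUTES.include?(attr.downcase)
        # A URL-bearing attribute should be paired with an explicit scheme list.
        schemes = Array(protocols.dig(element, attr)).map { |s| s.to_s.downcase }
        if schemes.empty?
          findings << "#{element}[#{attr}]: URL attribute has no protocol allowlist"
        else
          (schemes & RISKY_PROTOCOLS).each { |s| findings << "#{element}[#{attr}]: #{s}: URLs are allowed" }
        end
      end
    end
  end
  findings
end

# Constructed sample configs (not DEFAULT_CONFIG from the library).
STRICT = {
  elements: %w[a p em strong code],
  attributes: { "a" => ["href"] },
  protocols: { "a" => { "href" => %w[http https mailto] } },
}.freeze

LOOSE = {
  elements: %w[a p img iframe],
  attributes: { "a" => %w[href onclick], "img" => ["src"], :all => ["style"] },
  protocols: { "a" => { "href" => %w[https javascript] } },
}.freeze
```

An empty result means none of these particular checks fired; it does not replace reviewing the allowlist against the markup the application actually needs.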