class HTMLPipeline::SanitizationFilter

A special filter with sanitization routines and allowlists. This module defines what HTML is allowed in user-provided content and fixes up issues such as unbalanced tags.

See the Selma docs for more information on the underlying library:

github.com/gjtorikian/selma/#readme

This filter does not write additional information to the context.

Constants

DEFAULT_CONFIG

The main sanitization allowlist. Only these elements and attributes are allowed through by default.

VALID_PROTOCOLS

Public Class Methods

call(html, config)
# File lib/html_pipeline/sanitization_filter.rb, line 181
def call(html, config)
  raise ArgumentError, "html must be a String, not #{html.class}" unless html.is_a?(String)
  raise ArgumentError, "config must be a Hash, not #{config.class}" unless config.is_a?(Hash)

  sanitization_config = Selma::Sanitizer.new(config)
  Selma::Rewriter.new(sanitizer: sanitization_config).rewrite(html)
end
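
One way to review a custom allowlist before passing it as config to call, shown as an added example that is not part of html-pipeline or Selma. It assumes the Selma config keys :elements, :attributes and :protocols; the constant names, audit_allowlist and both sample configs are hypothetical.

```ruby
# Added example (not html-pipeline or Selma code). The :elements, :attributes and
# :protocols keys follow Selma's documented config shape; that is an assumption here.
RISKY_ELEMENTS = ["script", "style", "iframe", "object", "embed", "form"].freeze
RISKY_SCHEMES  = ["javascript", "vbscript", "data"].freeze
URL_ATTRIBUTES = ["href", "src", "action", "formaction"].freeze

# Returns an array of findings; an empty array means nothing was flagged.
def audit_allowlist(config)
  raise ArgumentError, "config must be a Hash, not #{config.class}" unless config.is_a?(Hash)

  findings  = []
  protocols = config.fetch(:protocols, {})
  (Array(config[:elements]).map(&:to_s) & RISKY_ELEMENTS).each do |el|
    findings << "element <#{el}> is allowed"
  end

  config.fetch(:attributes, {}).each do |element, attrs|
    Array(attrs).map(&:to_s).each do |attr|
      findings << "#{element}[#{attr}] allows inline event handlers" if attr.downcase.start_with?("on")
      findings << "#{element}[style] allows inline CSS" if attr.casecmp?("style")
      next unless URL_ATTRIBUTES.include?(attr.downcase)

      # A URL-bearing attribute should be paired with an explicit scheme allowlist.
      schemes = protocols.dig(element, attr)
      if schemes.nil?
        findings << "#{element}[#{attr}] has no protocol restriction"
      else
        (schemes.map(&:to_s) & RISKY_SCHEMES).each do |scheme|
          findings << "#{element}[#{attr}] permits #{scheme}: URLs"
        end
      end
    end
  end
  findings
end

# Constructed sample configs (hypothetical; neither is the library's DEFAULT_CONFIG).
LOOSE_CONFIG = {
  elements: ["a", "p", "img", "iframe"],
  attributes: { "a" => ["href", "onclick"], "img" => ["src"] },
  protocols: { "a" => { "href" => ["http", "https", "javascript"] } },
}.freeze
STRICT_CONFIG = {
  elements: ["a", "p", "img"],
  attributes: { "a" => ["href"], "img" => ["src", "alt"] },
  protocols: { "a" => { "href" => ["http", "https", "mailto"] },
               "img" => { "src" => ["http", "https"] } },
}.freeze

audit_allowlist(LOOSE_CONFIG).each { |finding| puts "WARN #{finding}" }
```

Running the audit in CI against any config that overrides DEFAULT_CONFIG catches a loosened allowlist before it reaches user-provided content.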