require "rails/deprecated_sanitizer/version"
require "rails/deprecated_sanitizer/html-scanner"
require "rails/deprecated_sanitizer/railtie" if defined?(Rails::Railtie)
require "active_support/core_ext/module/remove_method"
module Rails
  # Sanitizer vendor this gem hands to ActionView: each hook names the
  # html-scanner class that ActionView's +sanitizer_vendor+ protocol asks for.
  # +extend self+ makes the hooks callable both on the module itself and on
  # anything that mixes it in.
  module DeprecatedSanitizer
    extend self

    # One zero-argument reader per hook. The constant is resolved lazily, when
    # the reader runs, exactly as the equivalent +def+ would resolve it.
    {
      full_sanitizer:       -> { HTML::FullSanitizer },
      link_sanitizer:       -> { HTML::LinkSanitizer },
      white_list_sanitizer: -> { HTML::WhiteListSanitizer },
    }.each do |hook, lookup|
      define_method(hook, &lookup)
    end
  end
end
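module ActionView
  module Helpers
    module SanitizeHelper
      module ClassMethods
        # Hand the +sanitize+ helpers the legacy html-scanner based classes
        # bundled with this gem, replacing the vendor ActionView defined.
        redefine_method :sanitizer_vendor do
          Rails::DeprecatedSanitizer
        end

        # Readers for the WhiteListSanitizer lists under the +sanitized_*+
        # names ActionView's configuration uses. Each forwards to the attribute
        # of the same name on +white_list_sanitizer+, which is resolved on the
        # receiving class (it is not defined in this file).
        %w[
          protocol_separator
          uri_attributes
          bad_tags
          allowed_css_properties
          allowed_css_keywords
          shorthand_css_properties
          allowed_protocols
        ].each do |attribute|
          redefine_method(:"sanitized_#{attribute}") do
            white_list_sanitizer.public_send(attribute)
          end
        end

        # Replaces the string used to split a URI value into protocol and rest.
        # Unlike the Set setters below, this one overwrites rather than merges.
        redefine_method :sanitized_protocol_separator= do |value|
          white_list_sanitizer.protocol_separator = value
        end

        # Setters for the Sets held on HTML::WhiteListSanitizer. Each one
        # MERGES the given names into the existing Set, process-wide, for every
        # +sanitize+ / +sanitize_css+ call in the application. Nothing is ever
        # removed: the +allowed_*+ lists can only grow, and +bad_tags+ and
        # +uri_attributes+ can only gain entries. To drop a default from any of
        # them, edit the Set on HTML::WhiteListSanitizer directly.
        #
        #   class Application < Rails::Application
        #     config.action_view.sanitized_uri_attributes     = 'lowsrc', 'target'
        #     config.action_view.sanitized_bad_tags           = 'embed', 'object'
        #     config.action_view.sanitized_allowed_tags       = 'table', 'tr', 'td'
        #     config.action_view.sanitized_allowed_attributes = 'lang', 'longdesc'
        #     config.action_view.sanitized_allowed_protocols  = 'ssh', 'feed'
        #   end
        #
        # Security: every name merged into an +allowed_*+ list passes through
        # the sanitizer untouched. Do not allow event-handler attributes
        # (+onclick+ and friends), script-capable CSS such as +expression+, or
        # the +javascript+ protocol; any of these reopens the XSS hole the
        # helper exists to close. Treat each addition as a deliberate widening
        # of the attack surface and review it as such.
        #
        # A single String is accepted as well as a list: Set#merge raises
        # ArgumentError on a bare String, so the argument is coerced with
        # Array() first. The multi-value form in the example (`= 'a', 'b'`)
        # reaches the setter as an Array already; Array(nil) is empty and
        # merges nothing.
        %w[
          uri_attributes
          bad_tags
          allowed_tags
          allowed_attributes
          allowed_css_properties
          allowed_css_keywords
          shorthand_css_properties
          allowed_protocols
        ].each do |attribute|
          redefine_method(:"sanitized_#{attribute}=") do |names|
            HTML::WhiteListSanitizer.public_send(attribute).merge(Array(names))
          end
        end
      end
    end
  end
end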