# encoding: utf-8
class Sanitize
  module Config
    # The baseline configuration. It allows nothing: no elements, no
    # attributes, no protocols, so every piece of markup is stripped unless a
    # caller overrides the relevant key. Other configs are layered on top of
    # these values, and freeze_config (defined elsewhere in Config) makes the
    # result read-only so shared defaults cannot be mutated at runtime.
    DEFAULT = freeze_config(
      # HTML attributes added to specific elements. Nothing is added by
      # default.
      add_attributes: {},

      # Whether HTML comments survive sanitization. Leaving this off is
      # strongly recommended: IE executes script inside conditional comments.
      allow_comments: false,

      # Whether a well-formed doctype declaration such as "<!DOCTYPE html>" is
      # kept when sanitizing a whole document. Fragments ignore this setting.
      allow_doctype: false,

      # HTML attributes permitted on specific elements. Nothing is permitted
      # by default. The symbol :data stands for any HTML5 data-* attribute.
      attributes: {},

      # Settings for CSS sanitization.
      css: {
        # Whether CSS comments are kept.
        allow_comments: false,

        # Whether browser-compatibility hacks (the IE * and _ hacks) are kept.
        # They are generally harmless but are not valid CSS.
        allow_hacks: false,

        # At-rules permitted even without an associated block (e.g. "import").
        #
        # https://developer.mozilla.org/en-US/docs/Web/CSS/At-rule
        at_rules: [],

        # At-rules permitted whose block may contain properties
        # (e.g. "font-face").
        at_rules_with_properties: [],

        # At-rules permitted whose block may contain styles (e.g. "media").
        at_rules_with_styles: [],

        # CSS properties permitted.
        properties: [],

        # URL protocols permitted inside CSS url() values.
        protocols: []
      },

      # HTML elements permitted. With none listed, all HTML is stripped.
      elements: [],

      # URL protocols permitted in specific attributes. Nothing is permitted
      # by default. Use :relative in place of a protocol to accept relative
      # URLs that carry no protocol at all.
      protocols: {},

      # Controls what happens to the contents of an element that is filtered
      # out. `true` drops the contents together with the element; an Array or
      # Set of element names drops the contents only for those elements and
      # leaves the safe parts of every other filtered element's contents in
      # place. The default list covers elements whose text is never meant to
      # be rendered as prose (script, style, ...).
      remove_contents: %w[
        iframe math noembed noframes noscript plaintext script style svg xmp
      ],

      # Transformers filter or alter nodes with custom logic; see README.md
      # for details and examples.
      transformers: [],

      # Elements whose removal pads their former contents with the `before`
      # and `after` values so the text stays readable: `foo<div>bar</div>baz`
      # becomes 'foo bar baz' once the <div> is removed. Every entry here pads
      # with a single space on both sides.
      whitespace_elements: %w[
        address article aside blockquote br dd div dl dt footer h1 h2 h3 h4
        h5 h6 header hgroup hr li nav ol p pre section ul
      ].each_with_object({}) do |name, padded|
        padded[name] = { before: ' ', after: ' ' }
      end
    )
  end
end