Add a layer of indirection making sanitizers pluggable.
parent
5d3a29229b
commit
427f3f90d4
@ -137,6 +137,11 @@ module ClassMethods #:nodoc:
|
||||
define_method("#{meth_name}=") { |value| imp.("#{meth_name}=") }
|
||||
end
|
||||
|
||||
# A class to vendor out the full, link and white list sanitizers
|
||||
# Can be set to either HTML::Scanner or HTML::Sanitizer
|
||||
mattr_accessor :sanitizer_vendor
|
||||
self.sanitizer_vendor = HTML::Scanner
|
||||
|
||||
def sanitized_allowed_tags
|
||||
HTML::WhiteListSanitizer.allowed_tags
|
||||
end
|
||||
@ -153,7 +158,7 @@ def sanitized_allowed_attributes
|
||||
# end
|
||||
#
|
||||
def full_sanitizer
|
||||
@full_sanitizer ||= Rails::Html::FullSanitizer.new
|
||||
@full_sanitizer ||= sanitizer_vendor.full_sanitizer.new
|
||||
end
|
||||
|
||||
# Gets the Rails::Html::LinkSanitizer instance used by +strip_links+.
|
||||
@ -164,7 +169,7 @@ def full_sanitizer
|
||||
# end
|
||||
#
|
||||
def link_sanitizer
|
||||
@link_sanitizer ||= Rails::Html::LinkSanitizer.new
|
||||
@link_sanitizer ||= sanitizer_vendor.link_sanitizer.new
|
||||
end
|
||||
|
||||
# Gets the Rails::Html::WhiteListSanitizer instance used by sanitize and +sanitize_css+.
|
||||
@ -175,7 +180,7 @@ def link_sanitizer
|
||||
# end
|
||||
#
|
||||
def white_list_sanitizer
|
||||
@white_list_sanitizer ||= Rails::Html::WhiteListSanitizer.new
|
||||
@white_list_sanitizer ||= sanitizer_vendor.white_list_sanitizer.new
|
||||
end
|
||||
|
||||
# Replaces the allowed tags for the +sanitize+ helper.
|
||||
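Review bot: The three changed lines of the form `@full_sanitizer ||= sanitizer_vendor.full_sanitizer.new` memoize the first instance, so assigning `sanitizer_vendor` after any of these helpers has run leaves the previous sanitizer in use with no error. Either document above `mattr_accessor :sanitizer_vendor` that the vendor must be set before first use, or give it a writer that clears the three instance variables. `sanitized_allowed_tags` in the first hunk still reads `HTML::WhiteListSanitizer.allowed_tags` directly, so with another vendor the configured allow-list may not be the one the active sanitizer consults; `sanitizer_vendor.white_list_sanitizer.allowed_tags` would keep the two together. The default implementation also moves from the `Rails::Html::*` classes to `HTML::Scanner`, while the doc comments above `link_sanitizer` and `white_list_sanitizer` still name `Rails::Html::…`, so those comments should be updated. The module's setters are outside the visible hunks, so they may need the same treatment.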
|
@ -7,6 +7,7 @@ module HTML
|
||||
extend ActiveSupport::Autoload
|
||||
|
||||
eager_autoload do
|
||||
autoload :Scanner, 'html/sanitizer'
|
||||
autoload :CDATA, 'html/node'
|
||||
autoload :Document, 'html/document'
|
||||
autoload :FullSanitizer, 'html/sanitizer'
|
||||
|
@ -3,6 +3,20 @@
|
||||
require 'active_support/core_ext/module/attribute_accessors'
|
||||
|
||||
module HTML
|
||||
module Scanner
|
||||
def full_sanitizer
|
||||
HTML::FullSanitizer
|
||||
end
|
||||
|
||||
def link_sanitizer
|
||||
HTML::LinkSanitizer
|
||||
end
|
||||
|
||||
def white_list_sanitizer
|
||||
HTML::WhiteListSanitizer
|
||||
end
|
||||
end
|
||||
|
||||
class Sanitizer
|
||||
def sanitize(text, options = {})
|
||||
validate_options(options)
|
||||
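Review bot: `full_sanitizer`, `link_sanitizer` and `white_list_sanitizer` are defined as instance methods of `module Scanner`, but the helper changed in this commit calls them on the module itself (`sanitizer_vendor.full_sanitizer.new` with the default `HTML::Scanner`). That call raises NoMethodError unless the module is extended somewhere not shown; adding `extend self` as the first line of the module, or `module_function`, makes it resolve. The helper's comment also lists `HTML::Sanitizer` as a valid vendor, yet the class visible here shows only `sanitize`, so drop it from that comment if it does not expose the three accessors. A short comment above `module Scanner` saying that a vendor must respond to these three methods and return sanitizer classes would document the contract.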
|