Add a layer of indirection making sanitizers pluggable.

2014-05-23 23:21:01 +02:00 · 2014-05-23 23:21:01 +02:00 · 427f3f90d4
commit 427f3f90d4
parent 5d3a29229b
3 changed files with 23 additions and 3 deletions
--- a/actionview/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionview/lib/action_view/helpers/sanitize_helper.rb
@ -137,6 +137,11 @@ module ClassMethods #:nodoc:
          define_method("#{meth_name}=") { |value| imp.("#{meth_name}=") }
        end

+        # A class to vendor out the full, link and white list sanitizers
+        # Can be set to either HTML::Scanner or HTML::Sanitizer
+        mattr_accessor :sanitizer_vendor
+        self.sanitizer_vendor = HTML::Scanner
+
        def sanitized_allowed_tags
          HTML::WhiteListSanitizer.allowed_tags
        end
@ -153,7 +158,7 @@ def sanitized_allowed_attributes
        #   end
        #
        def full_sanitizer
-          @full_sanitizer ||= Rails::Html::FullSanitizer.new
+          @full_sanitizer ||= sanitizer_vendor.full_sanitizer.new
        end

        # Gets the Rails::Html::LinkSanitizer instance used by +strip_links+.
@ -164,7 +169,7 @@ def full_sanitizer
        #   end
        #
        def link_sanitizer
-          @link_sanitizer ||= Rails::Html::LinkSanitizer.new
+          @link_sanitizer ||= sanitizer_vendor.link_sanitizer.new
        end

        # Gets the Rails::Html::WhiteListSanitizer instance used by sanitize and +sanitize_css+.
@ -175,7 +180,7 @@ def link_sanitizer
        #   end
        #
        def white_list_sanitizer
-          @white_list_sanitizer ||= Rails::Html::WhiteListSanitizer.new
+          @white_list_sanitizer ||= sanitizer_vendor.white_list_sanitizer.new
        end

        # Replaces the allowed tags for the +sanitize+ helper.
--- a/actionview/lib/action_view/vendor/html-scanner.rb
+++ b/actionview/lib/action_view/vendor/html-scanner.rb
@ -7,6 +7,7 @@ module HTML
  extend ActiveSupport::Autoload

  eager_autoload do
+    autoload :Scanner, 'html/sanitizer'
    autoload :CDATA, 'html/node'
    autoload :Document, 'html/document'
    autoload :FullSanitizer, 'html/sanitizer'
--- a/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb
+++ b/actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb
@ -3,6 +3,20 @@
 require 'active_support/core_ext/module/attribute_accessors'

 module HTML
+  module Scanner
+    def full_sanitizer
+      HTML::FullSanitizer
+    end
+
+    def link_sanitizer
+      HTML::LinkSanitizer
+    end
+
+    def white_list_sanitizer
+      HTML::WhiteListSanitizer
+    end
+  end
+
  class Sanitizer
    def sanitize(text, options = {})
      validate_options(options)