Class: Magnet::Markdown::Filter::Sanitize

Inherits:
HTML::Pipeline::Filter
  • Object
Defined in:
lib/magnet/markdown/filter/sanitize.rb

Constant Summary

# Default allowlist handed to Sanitize for rendered Markdown: the elements, attributes and
# URL schemes named here are the ones this rule permits.
#
# Review notes:
# - :elements contains neither iframe nor script, so the 'iframe' and 'script' attribute
#   lists only take effect once ALLOW_SCRIPT_RULE adds those elements.
# - :protocols constrains a[href] and img[src] only (relative, http, https); no other URL
#   attribute in this hash (iframe[src], script[src]) has a scheme restriction.
# - 'id', 'name' and 'class' are accepted on every element, so author-supplied markup can
#   reuse ids, names and CSS classes that the host page relies on.
# - 'target' is accepted but 'rel' is not, so a link cannot carry rel="noopener" through
#   this filter.
# - :data is Sanitize's marker for data-* attributes. NOTE(review): confirm no client-side
#   script treats data-* values on rendered content as trusted.
RULE = {
  attributes: {
    'a' => %w[href],
    'iframe' => %w[
      allowfullscreen frameborder height marginheight marginwidth scrolling src style width
    ],
    'img' => %w[src],
    'div' => %w[itemscope itemtype],
    'script' => %w[async src],
    all: [
      *%w[
        abbr align alt border cellpadding cellspacing cite class color cols colspan datetime
        height hreflang id itemprop lang name tabindex target title width
      ],
      :data
    ]
  },
  elements: %w[
    a b blockquote br code dd del div dl dt em font
    h1 h2 h3 h4 h5 h6 h7 h8 hr
    i img ins kbd li ol p pre q rp rt ruby s
    samp strike strong sub sup
    table tbody td tfoot th thead tr tt ul var
  ],
  protocols: {
    'a' => { 'href' => [:relative, 'http', 'https'] },
    'img' => { 'src' => [:relative, 'http', 'https'] }
  },
  # script is not an allowed element here; listing it under :remove_contents asks Sanitize
  # to drop the script body too rather than leave it behind as text.
  remove_contents: %w[script]
}
# Variant of RULE that additionally permits iframe and script elements and clears
# :remove_contents. Only those two keys are replaced; :attributes and :protocols are the
# same objects RULE holds.
#
# With this rule script elements are allowed, and neither iframe[src] nor script[src] has a
# scheme restriction, so it is not a defence against script injection. It should be
# selected only for content from trusted authors.
ALLOW_SCRIPT_RULE = RULE.merge(
  elements: RULE[:elements] + %w[iframe script],
  remove_contents: []
)

Instance Method Summary

Instance Method Details

#call ⇒ Object



# File 'lib/magnet/markdown/filter/sanitize.rb', line 72

# Passes the filter's `doc` to Sanitize.clean_node! together with the rule chosen by #rule,
# then returns that same `doc`.
#
# NOTE(review): clean_node! looks like the pre-3.0 Sanitize entry point. Confirm which
# Sanitize version is pinned and that it still receives security fixes.
#
# @return [Object] the `doc` that was handed to Sanitize
def call
  doc.tap { |node| ::Sanitize.clean_node!(node, rule) }
end

#rule ⇒ Object



# File 'lib/magnet/markdown/filter/sanitize.rb', line 77

# Picks the Sanitize configuration for this run from the pipeline context.
#
# Precedence:
#   1. context[:sanitize_rule], when truthy, is returned as-is and replaces the built-in
#      allowlists entirely.
#   2. context[:allow_script] selects ALLOW_SCRIPT_RULE only when it is exactly `true`;
#      any other value (including truthy strings) falls through.
#   3. RULE otherwise.
#
# Both context keys widen what survives sanitization, so they should be set by application
# code and never copied from request parameters or other untrusted input.
#
# @return [Object] the configuration to hand to Sanitize
def rule
  custom_rule = context[:sanitize_rule]
  return custom_rule if custom_rule
  return ALLOW_SCRIPT_RULE if context[:allow_script] == true

  RULE
end