Sha256: 6a8752107737a97519bc04514f0aa2317527e30d50edfa13fc5264f78b7b52e8

Contents?: true

Size: 929 Bytes

Versions: 17

Compression:

Stored size: 929 Bytes

Contents

# frozen_string_literal: true

module Decidim
  # Use this class as a scrubber to sanitize user input. The default
  # scrubber provided by Rails does not allow `iframe`s, and we are using
  # them to embed videos, so we need to provide a whole new scrubber.
  #
  # Example:
  #
  #    sanitize(@page.body, scrubber: Decidim::NewsletterScrubber.new)
  #
  # Lists of default tags and attributes are extracted from
  # https://stackoverflow.com/a/35073814/2110884.
  class NewsletterScrubber < Rails::Html::PermitScrubber
    def initialize
      super
      self.tags = custom_allowed_tags
      self.attributes = custom_allowed_attributes
    end

    private

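    # Loofah's default safe-list attributes plus the `frameborder` and
    # `allowfullscreen` attributes used on embedded iframes; `onerror`
    # is explicitly excluded.
    def custom_allowed_attributes
      Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES + %w(frameborder allowfullscreen) - %w(onerror)
    end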

    # Loofah's default safe-list elements plus `iframe` and `style`.
    def custom_allowed_tags
      Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2 + %w(iframe style)
    end
  end
end

Version data entries

17 entries across 17 versions & 1 rubygems

Version Path
decidim-core-0.30.0.rc2 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.30.0.rc1 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.29.2 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.28.5 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.29.1 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.28.4 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.29.0 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.28.3 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.29.0.rc4 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.29.0.rc3 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.29.0.rc2 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.29.0.rc1 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.28.2 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.28.1 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.28.0 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.28.0.rc5 app/scrubbers/decidim/newsletter_scrubber.rb
decidim-core-0.28.0.rc4 app/scrubbers/decidim/newsletter_scrubber.rb