Class: Html2rss::AttributePostProcessors::SanitizeHtml
- Inherits: Object
  - Object
  - Html2rss::AttributePostProcessors::SanitizeHtml
- Defined in: lib/html2rss/attribute_post_processors/sanitize_html.rb
Overview
Returns sanitized HTML code as String. Adds
- rel="nofollow noopener noreferrer" to a elements
- referrer-policy='no-referrer' to img elements
Imagine this HTML structure:

    <section>
      Lorem <b>ipsum</b> dolor...
      <iframe src="https://evil.corp/miner"></iframe>
      <script>alert();</script>
    </section>

YAML usage example:

    selectors:
      description:
        selector: section
        extractor: html
        post_process:
          name: sanitize_html

Would return:
'<p>Lorem <b>ipsum</b> dolor ...</p>'
Instance Method Summary
- #get ⇒ String
  - uses the sanitize gem
  - uses the config Sanitize::Config::RELAXED
  - adds rel="nofollow noopener noreferrer" to a elements
  - adds target="_blank" to a elements
- #initialize(value, env) ⇒ SanitizeHtml (constructor)
  A new instance of SanitizeHtml.
Constructor Details
#initialize(value, env) ⇒ SanitizeHtml
Returns a new instance of SanitizeHtml.

    # File 'lib/html2rss/attribute_post_processors/sanitize_html.rb', line 32
    def initialize(value, env)
      @value = value
      @channel_url = env[:config].url
    end

Instance Method Details
#get ⇒ String
- uses the sanitize gem
- uses the config Sanitize::Config::RELAXED
- adds rel="nofollow noopener noreferrer" to a elements
- adds target="_blank" to a elements

    # File 'lib/html2rss/attribute_post_processors/sanitize_html.rb', line 43
    def get
      Sanitize.fragment(@value, Sanitize::Config.merge(
        Sanitize::Config::RELAXED,
        attributes: {
          all: %w[dir lang alt title translate]
        },
        add_attributes: {
          'a' => {
            'rel' => 'nofollow noopener noreferrer',
            'target' => '_blank'
          },
          'img' => {
            'referrer-policy' => 'no-referrer'
          }
        },
        transformers: [transform_urls_to_absolute_ones]
      )).to_s.split.join(' ')
    end
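
A regression check for the guarantees documented on this page, as an added example that is not part of html2rss: it audits already-sanitized output for the rel and target values on a elements, the referrer-policy value on img elements, and the absence of script and iframe. The helper names and sample strings are constructed for illustration, and it assumes serializer-style markup with double-quoted attribute values.

```ruby
# Added example, not html2rss code: audits already-sanitized HTML against the
# behaviour documented above. All names here are hypothetical helpers.
# Assumption: input is serializer output, i.e. attribute values are double-quoted.

FORBIDDEN    = %w[script iframe].freeze
REQUIRED_REL = %w[nofollow noopener noreferrer].freeze
TAG  = %r{<([a-zA-Z][a-zA-Z0-9]*)((?:\s+[^\s=>/"]+(?:="[^"]*")?)*)\s*/?>}
ATTR = %r{([^\s=>/"]+)(?:="([^"]*)")?}

# Returns an array of findings; an empty array means the fragment passes.
def audit_fragment(html)
  findings = []
  parsed = 0
  html.scan(TAG) do |name, raw_attrs|
    parsed += 1
    tag   = name.downcase
    attrs = raw_attrs.scan(ATTR).to_h { |key, value| [key.downcase, value.to_s] }

    findings << "forbidden element <#{tag}>" if FORBIDDEN.include?(tag)
    case tag
    when 'a'
      missing = REQUIRED_REL - attrs.fetch('rel', '').split
      findings << "<a> missing rel tokens: #{missing.join(' ')}" unless missing.empty?
      findings << '<a> missing target="_blank"' unless attrs['target'] == '_blank'
    when 'img'
      unless attrs['referrer-policy'] == 'no-referrer'
        findings << '<img> missing referrer-policy="no-referrer"'
      end
    end
  end
  # Fail closed: a tag opener the strict pattern could not parse is a finding,
  # otherwise malformed markup would slip through unaudited.
  unparsed = html.scan(/<[a-zA-Z]/).size - parsed
  findings << "#{unparsed} tag(s) not in the assumed serialized form" if unparsed.positive?
  findings
end

# Constructed samples, not real feed content.
GOOD = '<p>Lorem <b>ipsum</b> <a href="https://example.com/a" ' \
       'rel="nofollow noopener noreferrer" target="_blank">dolor</a> ' \
       '<img src="https://example.com/i.png" referrer-policy="no-referrer"></p>'
BAD  = '<p>Lorem <a href="https://example.com/a" rel="nofollow">dolor</a>' \
       '<iframe src="https://example.com/frame"></iframe>' \
       "<img src='https://example.com/i.png'></p>"

puts "GOOD: #{audit_fragment(GOOD).inspect}"
audit_fragment(BAD).each { |finding| puts "BAD:  #{finding}" }
```

Browsers read the img attribute spelled referrerpolicy; the audit looks for referrer-policy because that is the name the code above adds.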