Sha256: 9d0cfe0352d3f5184c434872cd7831c5c4baeda25a8993b6a8a96d661776908a

Contents?: true

Size: 909 Bytes

Versions: 37

Compression:

Stored size: 909 Bytes

Contents

# frozen_string_literal: true

module Decidim
  # Use this class as a scrubber to sanitize user input. The default
  # scrubber provided by Rails does not allow `iframe`s, and we're using
  # them to embed videos, so we need to provide a whole new scrubber.
  #
  # Example:
  #
  #    sanitize(@page.body, scrubber: Decidim::UserInputScrubber.new)
  #
  # Lists of default tags and attributes are extracted from
  # https://stackoverflow.com/a/35073814/2110884.
  class UserInputScrubber < Rails::Html::PermitScrubber
    def initialize
      super
      self.tags = custom_allowed_tags
      self.attributes = custom_allowed_attributes
    end

    private

    # Loofah's default attribute allowlist plus the iframe attributes
    # used by video embeds.
    def custom_allowed_attributes
      Loofah::HTML5::WhiteList::ALLOWED_ATTRIBUTES + %w(frameborder allowfullscreen)
    end

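    # Loofah's default element allowlist plus `iframe`. Note that this
    # class itself adds no check on where an iframe's `src` points.
    def custom_allowed_tags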
      Loofah::HTML5::WhiteList::ALLOWED_ELEMENTS_WITH_LIBXML2 + %w(iframe)
    end
  end
end

Version data entries

37 entries across 37 versions & 1 rubygems

Version Path
decidim-core-0.19.1 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.18.1 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.19.0 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.17.2 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.18.0 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.17.1 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.16.1 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.17.0 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.16.0 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.15.2 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.15.1 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.15.0 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.14.4 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.14.3 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.14.2 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.14.1 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.13.1 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.12.2 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.13.0 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.12.1 app/scrubbers/decidim/user_input_scrubber.rb