Sha256: ab3a0c3e20b8371d78144333f03671a4dac10f8d375293e5599cf490644d1038

Contents?: true

Size: 717 Bytes

Versions: 4

Compression:

Stored size: 717 Bytes

Contents

# frozen_string_literal: true

module Decidim
  # Use this class as a scrubber to sanitize participant user input.
  #
  # Example:
  #
  #    sanitize(@page.body, scrubber: Decidim::UserInputScrubber.new)
  #
  # Lists of default tags and attributes are extracted from
  # https://stackoverflow.com/a/35073814/2110884.
  class UserInputScrubber < Rails::Html::PermitScrubber
    def initialize
      super
      self.tags = custom_allowed_tags
      self.attributes = custom_allowed_attributes
    end

    private

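    # Attribute allowlist: Loofah's full HTML5 safelist, which is broader
    # than the default attribute list of the Rails sanitizer.
    def custom_allowed_attributes
      Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES
    end

    # Tag allowlist: Loofah's HTML5 safelist (including its SVG and MathML
    # elements) plus the html, head and body wrappers that libxml2 adds.
    def custom_allowed_tags
      Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2
    end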
  end
end

Version data entries

4 entries across 4 versions & 1 rubygems

Version Path
decidim-core-0.27.2 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.27.1 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.27.0 app/scrubbers/decidim/user_input_scrubber.rb
decidim-core-0.27.0.rc2 app/scrubbers/decidim/user_input_scrubber.rb