Sha256: c05a99d3c10f74f88a5ed704abbf157538fe7f293c9cb632c639630a151ee448

Contents?: true

Size: 791 Bytes

Versions: 7

Compression:

Stored size: 791 Bytes

Contents

# frozen_string_literal: true

module Decidim
  # Use this class as a scrubber to sanitize admin user input. The default
  # scrubber provided by Rails does not allow `iframe`s, and we're using
  # them to embed videos, so we need to provide a whole new scrubber.
  #
  # Example:
  #
  #    sanitize(@page.body, scrubber: Decidim::AdminInputScrubber.new)
  #
  # Lists of default tags and attributes are extracted from
  # https://stackoverflow.com/a/35073814/2110884.
  class AdminInputScrubber < UserInputScrubber
    private

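    # Extra tags allowed for admin input on top of the parent's tag list.
    # Note that `private` above does not apply to constants.
    DECIDIM_ALLOWED_TAGS = %w(img video audio source comment iframe).freeze

    # Parent's attribute allowlist plus the iframe embed attributes, with
    # the `onerror` event handler explicitly excluded.
    def custom_allowed_attributes
      super + %w(frameborder allowfullscreen) - %w(onerror)
    end

    # Parent's tag allowlist plus DECIDIM_ALLOWED_TAGS.
    def custom_allowed_tags
      super + DECIDIM_ALLOWED_TAGS
    end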
  end
end

Version data entries

7 entries across 7 versions & 1 rubygems

Version Path
decidim-core-0.27.9 app/scrubbers/decidim/admin_input_scrubber.rb
decidim-core-0.27.8 app/scrubbers/decidim/admin_input_scrubber.rb
decidim-core-0.27.7 app/scrubbers/decidim/admin_input_scrubber.rb
decidim-core-0.27.6 app/scrubbers/decidim/admin_input_scrubber.rb
decidim-core-0.27.5 app/scrubbers/decidim/admin_input_scrubber.rb
decidim-core-0.27.4 app/scrubbers/decidim/admin_input_scrubber.rb
decidim-core-0.27.3 app/scrubbers/decidim/admin_input_scrubber.rb