Sha256: f4c83e6df3a04802651f8c72fbd468a05375288253b5c02f098b3f22e87b0357
Contents?: true
Size: 921 Bytes
Versions: 30
Compression:
Stored size: 921 Bytes
Contents
# frozen_string_literal: true module Decidim # Use this class as a scrubber to sanitize user input. The default # scrubbed provided by Rails does not allow `iframe`s, and we're using # them to embed videos, so we need to provide a whole new scrubber. # # Example: # # sanitize(@page.body, scrubber: Decidim::UserInputScrubber.new) # # Lists of default tags and attributes are extracted from # https://stackoverflow.com/a/35073814/2110884. class UserInputScrubber < Rails::Html::PermitScrubber def initialize super self.tags = custom_allowed_tags self.attributes = custom_allowed_attributes end private def custom_allowed_attributes Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES + %w(frameborder allowfullscreen) - %w(onerror) end def custom_allowed_tags Loofah::HTML5::SafeList::ALLOWED_ELEMENTS_WITH_LIBXML2 + %w(iframe) end end end
Version data entries
30 entries across 30 versions & 1 rubygems