
# frozen_string_literal: true

module Decidim
  # Use this class as a scrubber to sanitize participant user input.
  #
  # Example:
  #
  #    sanitize(@page.body, scrubber: Decidim::UserInputScrubber.new)
  #
  # Lists of default tags and attributes are extracted from
  # https://stackoverflow.com/a/35073814/2110884.
  class UserInputScrubber < Rails::Html::PermitScrubber
    # Elements dropped from Loofah's HTML5 safe list before it is used as the
    # tag allow-list. They are mostly structural/interactive elements (forms,
    # media, sectioning) that participant-authored content should not carry.
    RESTRICTED_TAGS = %w(
      area article aside audio button canvas
      fieldset figcaption figure font footer form
      header img input label legend main map menu
      optgroup option output select textarea video
    ).freeze

    # Builds a PermitScrubber whose tag and attribute allow-lists replace the
    # parent's defaults. Only the allow-lists are narrowed here; attribute
    # value checks (e.g. for URL-bearing attributes) are presumably still
    # performed by Rails::Html::PermitScrubber — confirm against the
    # rails-html-sanitizer version in use.
    def initialize
      super
      self.tags = custom_allowed_tags
      self.attributes = custom_allowed_attributes
    end

    private

    # Allowed elements: Loofah's HTML5 acceptable elements minus RESTRICTED_TAGS.
    #
    # @return [Array<String>]
    def custom_allowed_tags
      permitted = Loofah::HTML5::SafeList::ACCEPTABLE_ELEMENTS
      permitted - RESTRICTED_TAGS
    end

    # Allowed attributes: Loofah's HTML5 attribute safe list, used as-is.
    #
    # @return [Set<String>] the Loofah constant itself, not a copy
    def custom_allowed_attributes
      Loofah::HTML5::SafeList::ALLOWED_ATTRIBUTES
    end
  end
end
