lib/gollum/sanitization.rb in gollum-1.3.1 vs lib/gollum/sanitization.rb in gollum-1.4.2

- old
+ new

@@ -28,11 +28,11 @@ 'charoff', 'class', 'charset', 'checked', 'cite', 'clear', 'cols', 'colspan', 'color', 'compact', 'coords', 'datetime', 'dir', 'disabled', 'enctype', 'for', 'frame', 'headers', 'height', 'hreflang', - 'hspace', 'ismap', 'label', 'lang', + 'hspace', 'id', 'ismap', 'label', 'lang', 'longdesc', 'maxlength', 'media', 'method', 'multiple', 'name', 'nohref', 'noshade', 'nowrap', 'prompt', 'readonly', 'rel', 'rev', 'rows', 'rowspan', 'rules', 'scope', 'selected', 'shape', 'size', 'span', 
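Review bot: `'id'` joins the global attribute whitelist on the added line, but the list alone makes it look freely allowed; it is only acceptable because the first TRANSFORMERS lambda rewrites every id with `id_prefix`, and that coupling is invisible from here. A comment on the new line such as `'hspace', 'id', # allowed only because TRANSFORMERS rewrites it with id_prefix` would keep the dependency visible to whoever next edits either list. The ATTRIBUTES hash this hunk belongs to starts and ends outside the hunk.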
@@ -41,69 +41,95 @@
       'vspace', 'width']
     }.freeze
     # Default whitelisted protocols for URLs.
     PROTOCOLS = {
-      'a' => {'href' => ['http', 'https', 'mailto', :relative]},
+      'a' => {'href' => ['http', 'https', 'mailto', 'ftp', 'irc', :relative]},
       'img' => {'src' => ['http', 'https', :relative]}
     }.freeze
-    # Default transformers to force @id attributes with 'wiki-' prefix
+    ADD_ATTRIBUTES = lambda do |env, node|
+      if add = env[:config][:add_attributes][node.name]
+        add.each do |key, value|
+          node[key] = value
+        end
+      end
+    end
+
+    # Default elements whose contents will be removed in addition
+    # to the elements themselve
+    REMOVE_CONTENTS = [
+      'script',
+      'style'
+    ].freeze
+
+    # Default transformers to force @id attributes with 'wiki-' prefix
     TRANSFORMERS = [
       lambda do |env|
-        node = env[:node]
-        return if env[:is_whitelisted] || !node.element? || !node['id']
+        node = env[:node]
+        return if env[:is_whitelisted] || !node.element?
         prefix = env[:config][:id_prefix]
-        node['id'] = node['id'].gsub(/\A(#{prefix})?/, prefix)
-
-        {:node_whitelist => [node]}
+        found_attrs = %w(id name).select do |key|
+          if value = node[key]
+            node[key] = value.gsub(/\A(#{prefix})?/, prefix)
+          end
+        end
+        if found_attrs.size > 0
+          ADD_ATTRIBUTES.call(env, node)
+          {}
+        end
       end,
       lambda do |env|
         node = env[:node]
-        return unless node['href']
+        return unless value = node['href']
         prefix = env[:config][:id_prefix]
-        node['href'] = node['href'].gsub(/\A\#(#{prefix})?/, '#'+prefix)
-
-        {:node_whitelist => [node]}
+        node['href'] = value.gsub(/\A\#(#{prefix})?/, '#'+prefix)
+        ADD_ATTRIBUTES.call(env, node)
+        {}
       end
     ].freeze
     # Gets an Array of whitelisted HTML elements. Default: ELEMENTS.
     attr_reader :elements
     # Gets a Hash describing which attributes are allowed in which HTML
     # elements. Default: ATTRIBUTES.
     attr_reader :attributes
-    # Gets a Hash describing which URI protocols are allowed in HTML
+    # Gets a Hash describing which URI protocols are allowed in HTML
     # attributes. Default: PROTOCOLS
     attr_reader :protocols
-    # Gets a Hash describing which URI protocols are allowed in HTML
+    # Gets a Hash describing which URI protocols are allowed in HTML
     # attributes. Default: TRANSFORMERS
     attr_reader :transformers
-    # Gets a String prefix which is added to ID attributes. Default: 'wiki-'
-    attr_reader :id_prefix
+    # Gets or sets a String prefix which is added to ID attributes.
+    # Default: 'wiki-'
+    attr_accessor :id_prefix
-    # Gets a Hash describing HTML attributes that Sanitize should add.
+    # Gets a Hash describing HTML attributes that Sanitize should add.
     # Default: {}
     attr_reader :add_attributes
+    # Gets an Array of element names whose contents will be removed in addition
+    # to the elements themselves. Default: REMOVE_CONTENTS
+    attr_reader :remove_contents
+
     # Sets a boolean determining whether Sanitize allows HTML comments in the
     # output. Default: false.
     attr_writer :allow_comments
     def initialize
-      @elements = ELEMENTS
-      @attributes = ATTRIBUTES
-      @protocols = PROTOCOLS
-      @transformers = TRANSFORMERS
-      @add_attributes = {}
-      @allow_comments = false
-      @id_prefix = 'wiki-'
+      @elements = ELEMENTS
+      @attributes = ATTRIBUTES
+      @protocols = PROTOCOLS
+      @transformers = TRANSFORMERS
+      @add_attributes = {}
+      @remove_contents = REMOVE_CONTENTS
+      @allow_comments = false
+      @id_prefix = 'wiki-'
       yield self if block_given?
     end
     # Determines if Sanitize should allow HTML comments.
     #
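Review bot: Both rewritten transformers interpolate `prefix` straight into a regex (`/\A(#{prefix})?/` in the first lambda and `/\A\#(#{prefix})?/` in the second) without escaping it, and because `id_prefix` changes from `attr_reader` to `attr_accessor` in this same hunk the value is no longer guaranteed to be the literal `'wiki-'`; a prefix containing regex metacharacters would be matched as a pattern rather than as text, so each lambda should use `escaped = Regexp.escape(prefix)` and then `value.gsub(/\A(#{escaped})?/, prefix)` (and the `'#'` variant) instead. The first lambda now also prefixes `name`, not just `id`, but nothing says why; a comment such as `# Prefix id/name so user-supplied anchors cannot collide with the wiki's own ids` would help, presumably that is the intent, confirm it. Minor: `found_attrs.size > 0` reads better as `found_attrs.any?`, and the new REMOVE_CONTENTS comment has a typo, `themselve` should be `themselves`. The Sanitization class these constants and `initialize` belong to starts and ends outside the hunk.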
@@ -124,16 +150,17 @@
     # Builds a Hash of options suitable for Sanitize.clean.
     #
     # Returns a Hash.
     def to_hash
-      { :elements => elements,
-        :attributes => attributes,
-        :protocols => protocols,
-        :add_attributes => add_attributes,
-        :allow_comments => allow_comments?,
-        :transformers => transformers,
-        :id_prefix => id_prefix
+      { :elements => elements,
+        :attributes => attributes,
+        :protocols => protocols,
+        :add_attributes => add_attributes,
+        :remove_contents => remove_contents,
+        :allow_comments => allow_comments?,
+        :transformers => transformers,
+        :id_prefix => id_prefix
       }
     end
     # Builds a Sanitize instance from the current options.
     #