lib/string_tools.rb in string_tools-0.9.1 vs lib/string_tools.rb in string_tools-0.10.0
- old
+ new
@@ -174,18 +174,21 @@
# Мерджим добавочные теги и атрибуты
attributes.merge!(attr)
elements = attributes.keys | TAGS_WITHOUT_ATTRIBUTES
+ transformers = [LINK_NORMALIZER]
+ transformers << IframeNormalizer.new(attributes['iframe']) if attributes.key?('iframe')
+
Sanitize.fragment(
str,
:attributes => attributes,
:elements => elements,
:css => {:properties => Sanitize::Config::RELAXED[:css][:properties]},
:remove_contents => %w(style javascript),
:allow_comments => false,
- :transformers => [LINK_NORMALIZER]
+ :transformers => transformers
)
end
end
# приводит ссылки согласно стандарту, не корёжит
@@ -206,9 +209,28 @@
def normalize_link(node, attr_name)
return unless node[attr_name]
node[attr_name] = Addressable::URI.parse(node[attr_name]).normalize.to_s
rescue Addressable::URI::InvalidURIError
node.swap node.children
+ end
+ end
+
+ class IframeNormalizer
+ def initialize(attributes)
+ @attributes = attributes
+ end
+
+ def call(env)
+ node = env[:node]
+
+ return unless node.name == 'iframe'
+
+ unless node[:src] =~ %r{^(http|https):?\/\/(www\.)?youtube?\.com\/}
+ node.unlink
+ return
+ end
+
+ Sanitize.node!(env[:node], elements: %w(iframe), attributes: {'iframe' => @attributes})
end
end
LINK_NORMALIZER = LinkNormalizer.new
end