# Put in config/initializers/html_sanitizer.rb
#
# See https://github.com/rails/rails-html-sanitizer/blob/master/lib/rails/html/scrubbers.rb
# for more help on how the PermitScrubber works and the functions you can override.
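class CustomScrubber < Rails::Html::PermitScrubber
  # Elements kept in addition to Loofah's HTML5 safelist (see #keep_node?).
  # `script` and `iframe` are on this list, so nothing this scrubber does
  # prevents embedded script from reaching the page: it is only safe to use
  # on ActionText content that comes exclusively from trusted authors (the
  # assumption stated in #scrub_attributes). Any content path that lets an
  # untrusted user write ActionText must not go through this scrubber.
  PERMITTED_TAGS = %w[script iframe figure figcaption action-text-attachment].freeze

  # Attributes kept on permitted nodes. `onload` is an event-handler
  # attribute and `style`/`src` can carry script or remote references, so the
  # same trust assumption as PERMITTED_TAGS applies.
  PERMITTED_ATTRIBUTES = %w[
    style onload src async alt width height aria-hidden class sgid id type
    frameborder content-type
  ].freeze

  # Configures the underlying PermitScrubber with the permitted tag and
  # attribute lists. The greeting goes to the Rails logger at debug level
  # rather than stdout so it follows the application's log configuration.
  def initialize
    super
    Rails.logger.debug("CustomScrubber says hi!")
    self.tags = PERMITTED_TAGS
    self.attributes = PERMITTED_ATTRIBUTES
  end

  # Keep a node when it is in the permitted tag list OR in Loofah's HTML5
  # safelist. When no tag list is configured, Loofah's safelist alone decides.
  #
  # @param node the element being scrubbed
  # @return [Boolean] true to keep the node, false to strip it
  def keep_node?(node)
    return Loofah::HTML5::Scrub.allowed_element?(node.name) unless @tags

    allowed_node?(node) || Loofah::HTML5::Scrub.allowed_element?(node.name)
  end

  # Removes attributes that are not in the permitted list and lets each
  # remaining one through `scrub_attribute`. With no attribute list
  # configured, Loofah's default attribute scrubbing is used instead.
  #
  # The parent's `scrub_css_attribute` step is intentionally omitted, so
  # inline `style` values are passed through as written.
  #
  # @param node the element whose attributes are scrubbed
  def scrub_attributes(node)
    return Loofah::HTML5::Scrub.scrub_attributes(node) unless @attributes

    node.attribute_nodes.each do |attr|
      if scrub_attribute?(attr.name)
        # Block form defers string interpolation until debug logging is enabled.
        Rails.logger.debug { "Removing attribute #{attr.name} from node #{node.name}" }
        attr.remove
      end
      scrub_attribute(node, attr)
    end
    # Don't sanitize the css. Our ActionText content is trusted and
    # the default implementation of scrub_css_attribute messes up stuff
    # with the video embeds
    # scrub_css_attribute(node)
  end
end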
# Replace ActionText's default scrubber once the application has booted, so
# ActionText::ContentHelper is loaded before the assignment runs.
Rails.application.config.after_initialize { ActionText::ContentHelper.scrubber = CustomScrubber.new }