class Rails::Html::SafeListSanitizer

def sanitize(html, options = {})

def sanitize(html, options = {})
  return unless html
  return html if html.empty?
  loofah_fragment = Loofah.fragment(html)
  if scrubber = options[:scrubber]
    # No duck typing, Loofah ensures subclass of Loofah::Scrubber
    loofah_fragment.scrub!(scrubber)
  elsif allowed_tags(options) || allowed_attributes(options)
    @permit_scrubber.tags = allowed_tags(options)
    @permit_scrubber.attributes = allowed_attributes(options)
    loofah_fragment.scrub!(@permit_scrubber)
  else
    remove_xpaths(loofah_fragment, XPATHS_TO_REMOVE)
    loofah_fragment.scrub!(:strip)
  end
  properly_encode(loofah_fragment, encoding: 'UTF-8')
end

Instance Methods

# allowed_attributes
# allowed_tags
# initialize
# loofah_using_html5?
# remove_safelist_tag_combinations
# sanitize
# sanitize_css

Modules

Classes

class Rails::Html::SafeListSanitizer

def sanitize(html, options = {})

Instance Methods