class Rails::HTML::PermitScrubber
Experimental RBS support (using type sampling data from the type_fusion project).
# sig/rails/html/scrubbers.rbs class Rails::HTML::PermitScrubber < Rails::HTML::Loofah::Scrubber def allowed_node?: (Nokogiri::XML::Element node) -> bool def attributes=: (Set attributes) -> Set def initialize: (prune: false) -> void def keep_node?: (Nokogiri::XML::Element node) -> bool def scrub: ((Nokogiri::XML::Text | Nokogiri::XML::Element) node) -> Object? def scrub_attribute: (Nokogiri::XML::Element node, Nokogiri::XML::Attr attr_node) -> (Array[Nokogiri::XML::Attr] | Array[]) def scrub_attribute?: (String name) -> bool def scrub_attributes: (Nokogiri::XML::Element node) -> nil def scrub_css_attribute: (Nokogiri::XML::Element node) -> nil def scrub_node: (Nokogiri::XML::Element node) -> Nokogiri::XML::Element def skip_node?: ((Nokogiri::XML::Element | Nokogiri::XML::Text) node) -> bool def tags=: (Set tags) -> Set def validate!: (Set var, Symbol name) -> Set end
with nodes: nokogiri.org/rdoc/Nokogiri/XML/Node.html<br>See the documentation for Nokogiri::XML::Node to understand what’s possible
end
end
name == “style”
def scrub_attribute?(name)
end
node.text?
def skip_node?(node)
end
self.tags = %w(form script comment blockquote)
super
def initialize
class CommentScrubber < Rails::HTML::PermitScrubber
If not, attributes are removed based on Loofahs HTML5::Scrub.scrub_attributes.
If set, attributes excluded will be removed.attributes=
If not, elements are stripped based on Loofahs HTML5::Scrub.allowed_element?.
If set, elements excluded will be stripped.tags=
Supplied tags and attributes should be Enumerables.
Unallowed elements will be stripped, i.e. element is removed but its subtree kept.
Text and CDATA nodes are skipped by default.
Likewise for scrub_attribute? and attributes respectively.
Instead Loofahs behavior will be used.
If you override allowed_node? and no tags are set, it will not be called.
If tags or attributes are not set, Loofah’s behavior will be used.
Subclasses don’t need to worry if tags or attributes are set or not.
- When an attribute should be scrubbed via scrub_attribute?.
- When a node is allowed via allowed_node?.
- When a node should be skipped via skip_node?.Rails::HTML::PermitScrubber can be subclassed to determine:Rails::HTML::PermitScrubber allows you to permit only your own tags and/or attributes.
=== Rails::HTML::PermitScrubber
def allowed_node?(node)
Experimental RBS support (using type sampling data from the type_fusion project).
def allowed_node?: (Nokogiri::XML::Element node) -> bool
This signature was generated using 10 samples from 1 application.
def allowed_node?(node) @tags.include?(node.name) end
def attributes=(attributes)
Experimental RBS support (using type sampling data from the type_fusion project).
def attributes=: (Set attributes) -> Set
This signature was generated using 8 samples from 1 application.
def attributes=(attributes) @attributes = validate!(attributes, :attributes) end
def initialize(prune: false)
Experimental RBS support (using type sampling data from the type_fusion project).
def initialize: (prune: false) -> void
This signature was generated using 1 sample from 1 application.
def initialize(prune: false) @prune = prune @direction = @prune ? :top_down : :bottom_up @tags, @attributes = nil, nil end
def keep_node?(node)
Experimental RBS support (using type sampling data from the type_fusion project).
def keep_node?: (Nokogiri::XML::Element node) -> bool
This signature was generated using 17 samples from 1 application.
def keep_node?(node) if @tags allowed_node?(node) else Loofah::HTML5::Scrub.allowed_element?(node.name) end end
def scrub(node)
Experimental RBS support (using type sampling data from the type_fusion project).
def scrub: ((Nokogiri::XML::Text | Nokogiri::XML::Element) node) -> Object?
This signature was generated using 47 samples from 1 application.
def scrub(node) if Loofah::HTML5::Scrub.cdata_needs_escaping?(node) replacement = Loofah::HTML5::Scrub.cdata_escape(node) node.replace(replacement) return CONTINUE end return CONTINUE if skip_node?(node) unless (node.element? || node.comment?) && keep_node?(node) return STOP if scrub_node(node) == STOP end scrub_attributes(node) end
def scrub_attribute(node, attr_node)
Experimental RBS support (using type sampling data from the type_fusion project).
type Rails__HTML__PermitScrubber_scrub_attribute_return_value = | Nokogiri::XML::Attr | Nokogiri::XML::Attr | Nokogiri::XML::Attr | Nokogiri::XML::Attr | Nokogiri::XML::Attr | Nokogiri::XML::Attr | Nokogiri::XML::Attr def scrub_attribute: (Nokogiri::XML::Element node, Nokogiri::XML::Attr attr_node) -> Rails__HTML__PermitScrubber_scrub_attribute_return_value
This signature was generated using 19 samples from 1 application.
def scrub_attribute(node, attr_node) attr_name = if attr_node.namespace "#{attr_node.namespace.prefix}:#{attr_node.node_name}" else attr_node.node_name end if Loofah::HTML5::SafeList::ATTR_VAL_IS_URI.include?(attr_name) return if Loofah::HTML5::Scrub.scrub_uri_attribute(attr_node) end if Loofah::HTML5::SafeList::SVG_ATTR_VAL_ALLOWS_REF.include?(attr_name) Loofah::HTML5::Scrub.scrub_attribute_that_allows_local_ref(attr_node) end if Loofah::HTML5::SafeList::SVG_ALLOW_LOCAL_HREF.include?(node.name) && attr_name == "xlink:href" && attr_node.value =~ /^\s*[^#\s].*/m attr_node.remove end node.remove_attribute(attr_node.name) if attr_name == "src" && attr_node.value !~ /[^[:space:]]/ Loofah::HTML5::Scrub.force_correct_attribute_escaping! node end
def scrub_attribute?(name)
Experimental RBS support (using type sampling data from the type_fusion project).
def scrub_attribute?: (String name) -> bool
This signature was generated using 23 samples from 1 application.
def scrub_attribute?(name) !@attributes.include?(name) end
def scrub_attributes(node)
Experimental RBS support (using type sampling data from the type_fusion project).
def scrub_attributes: (Nokogiri::XML::Element node) -> nil
This signature was generated using 15 samples from 1 application.
def scrub_attributes(node) if @attributes node.attribute_nodes.each do |attr| attr.remove if scrub_attribute?(attr.name) scrub_attribute(node, attr) end scrub_css_attribute(node) else Loofah::HTML5::Scrub.scrub_attributes(node) end end
def scrub_css_attribute(node)
Experimental RBS support (using type sampling data from the type_fusion project).
def scrub_css_attribute: (Nokogiri::XML::Element node) -> nil
This signature was generated using 23 samples from 1 application.
def scrub_css_attribute(node) if Loofah::HTML5::Scrub.respond_to?(:scrub_css_attribute) Loofah::HTML5::Scrub.scrub_css_attribute(node) else style = node.attributes["style"] style.value = Loofah::HTML5::Scrub.scrub_css(style.value) if style end end
def scrub_node(node)
Experimental RBS support (using type sampling data from the type_fusion project).
def scrub_node: (Nokogiri::XML::Element node) -> Nokogiri::XML::Element
This signature was generated using 7 samples from 1 application.
def scrub_node(node) node.before(node.children) unless prune # strip node.remove end
def skip_node?(node)
Experimental RBS support (using type sampling data from the type_fusion project).
def skip_node?: ((Nokogiri::XML::Element | Nokogiri::XML::Text) node) -> bool
This signature was generated using 45 samples from 1 application.
def skip_node?(node) node.text? end
def tags=(tags)
Experimental RBS support (using type sampling data from the type_fusion project).
def tags=: (Set tags) -> Set
This signature was generated using 8 samples from 1 application.
def tags=(tags) @tags = validate!(tags, :tags) end
def validate!(var, name)
Experimental RBS support (using type sampling data from the type_fusion project).
def validate!: (Set var, Symbol name) -> Set
This signature was generated using 7 samples from 1 application.
def validate!(var, name) if var && !var.is_a?(Enumerable) raise ArgumentError, "You should pass :#{name} as an Enumerable" end var end