class Rails::HTML4::SafeListSanitizer


== Rails::HTML4::SafeListSanitizer

Sanitizes HTML4 and CSS from an extensive safe list.

=== Whitespace

We can’t make any guarantees about whitespace being kept or stripped. Loofah uses Nokogiri,
which wraps either a C or Java parser for the respective Ruby implementation. Those two
parsers determine how whitespace is ultimately handled.

When the stripped markup is rendered, the user’s browser won’t take whitespace into account
anyway. It might be better to suggest your users wrap their whitespace-sensitive content in
pre tags or that you do so automatically.

=== Options

Sanitizes both HTML and CSS via the safe lists found in
Rails::HTML::Concern::Scrubber::SafeList

SafeListSanitizer also accepts options to configure the safe list used when sanitizing HTML.
There’s a class level option:

  Rails::HTML4::SafeListSanitizer.allowed_tags = %w(table tr td)
  Rails::HTML4::SafeListSanitizer.allowed_attributes = %w(id class style)

Tags and attributes can also be passed to sanitize. Passed options take precedence over the
class level options.

=== Examples

  safe_list_sanitizer = Rails::HTML4::SafeListSanitizer.new

  # default: sanitize via an extensive safe list of allowed elements
  safe_list_sanitizer.sanitize(@article.body)

  # sanitize via the supplied tags and attributes
  safe_list_sanitizer.sanitize(
    @article.body,
    tags: %w(table tr td),
    attributes: %w(id class style),
  )

  # sanitize via a custom Loofah scrubber
  safe_list_sanitizer.sanitize(@article.body, scrubber: ArticleScrubber.new)

  # prune nodes from the tree instead of stripping tags and leaving inner content
  safe_list_sanitizer = Rails::HTML4::SafeListSanitizer.new(prune: true)

  # the sanitizer can also sanitize CSS
  safe_list_sanitizer.sanitize_css('background-color: #000;')