class Sanitize::CSS

def self.properties(css, config = {})

Returns:
  • (String) - Sanitized CSS properties.
# Convenience entry point: builds a sanitizer from _config_ and runs
# #properties on _css_.
#
# @param css [String] CSS property declarations to sanitize
# @param config [Hash] settings handed unchanged to the constructor
# @return [String] sanitized CSS properties
def self.properties(css, config = {})
  sanitizer = new(config)
  sanitizer.properties(css)
end

def self.stylesheet(css, config = {})

# Convenience entry point: builds a sanitizer from _config_ and runs
# #stylesheet on _css_.
#
# @param css [String] full stylesheet text to sanitize
# @param config [Hash] settings handed unchanged to the constructor
# @return [String] sanitized CSS stylesheet
def self.stylesheet(css, config = {})
  sanitizer = new(config)
  sanitizer.stylesheet(css)
end

def self.tree!(tree, config = {})

# Convenience entry point: builds a sanitizer from _config_ and runs
# #tree! on an already-parsed tree. The tree is modified in place.
#
# @param tree [Array] Crass CSS parse tree
# @param config [Hash] settings handed unchanged to the constructor
# @return [Array] the sanitized parse tree
def self.tree!(tree, config = {})
  sanitizer = new(config)
  sanitizer.tree!(tree)
end

def at_rule!(rule)

Sanitizes a CSS at-rule node. Returns the sanitized node, or `nil` if the
current config doesn't allow this at-rule.
# Sanitizes a CSS at-rule node in place.
#
# The lower-cased rule name must be listed in @config[:at_rules]; anything
# else is rejected with nil. For an allowed rule, the block is re-parsed and
# sanitized with #tree! when the name is in AT_RULES_WITH_STYLES (parsed as
# rules) or AT_RULES_WITH_PROPERTIES (parsed as properties). Every other
# allowed at-rule has its :block removed.
#
# Only the block is touched here: the rest of the node (for example its
# prelude) is returned as the parser produced it.
#
# NOTE(review): the block-bearing branches read rule[:block][:value] without
# checking that :block is present -- confirm the parser always supplies it
# for these rule names.
#
# @param rule [Hash] at-rule node from the Crass parse tree
# @return [Hash, nil] the same node, or nil when the at-rule is not allowed
def at_rule!(rule)
  at_name = rule[:name].downcase
  return nil unless @config[:at_rules].include?(at_name)

  # Pick the Crass parser that matches the kind of block this rule carries.
  block_parser =
    if AT_RULES_WITH_STYLES.include?(at_name)
      :parse_rules
    elsif AT_RULES_WITH_PROPERTIES.include?(at_name)
      :parse_properties
    end

  if block_parser
    parsed = Crass::Parser.public_send(block_parser, rule[:block][:value],
      :preserve_comments => @config[:allow_comments],
      :preserve_hacks    => @config[:allow_hacks])
    rule[:block][:value] = tree!(parsed)
  else
    # Block contents of other at-rules are never inspected, so drop them.
    rule.delete(:block)
  end

  rule
end

def initialize(config = {})

Returns a new Sanitize::CSS object initialized with the settings in
_config_.
# Builds the effective CSS settings by merging the caller's overrides onto
# Config::DEFAULT[:css]. The overrides are config[:css] when that key holds a
# truthy value, otherwise _config_ itself, so both a full Sanitize config
# and a bare CSS config hash are accepted.
#
# @param config [Hash] full Sanitize config or CSS-only config
def initialize(config = {})
  overrides = config[:css] || config
  @config   = Config.merge(Config::DEFAULT[:css], overrides)
end

def properties(css)

Returns:
  • (String) - Sanitized CSS properties.
# Sanitizes a string of CSS property declarations.
#
# The input is parsed with Crass.parse_properties, filtered in place by
# #tree!, and whatever is left is serialized back to a string.
#
# @param css [String] CSS property declarations
# @return [String] sanitized CSS properties
def properties(css)
  parsed = Crass.parse_properties(css,
    preserve_comments: @config[:allow_comments],
    preserve_hacks:    @config[:allow_hacks])

  tree!(parsed)
  Crass::Parser.stringify(parsed)
end

def property!(prop)

Sanitizes a CSS property node. Returns the sanitized node, or `nil` if the
current config doesn't allow this property.
# Sanitizes a CSS property node.
#
# The lower-cased property name (minus a leading `*` or `_` when
# @config[:allow_hacks] is set) must be listed in @config[:properties].
# The value nodes are then walked, including nodes nested inside function
# values, and the whole property is rejected when:
#
# * a function is named `expression`, or the ident/function text seen so far
#   spells `expression` (compared case-insensitively);
# * a :url node uses a protocol that is not in @config[:protocols], or has no
#   protocol while :relative is not in @config[:protocols];
# * a :bad_url node is present.
#
# NOTE(review): the protocol check runs only for :url nodes. Node types with
# no branch below (e.g. strings nested in a function value) pass through
# unchecked -- confirm how the Crass version in use represents a quoted
# url("...") value.
#
# @param prop [Hash] property node from the Crass parse tree
# @return [Hash, nil] the same node, or nil when the property is rejected
def property!(prop)
  prop_name = prop[:name].downcase

  # Preserve IE * and _ hacks if desired: match on the name without the prefix.
  prop_name = prop_name[1..-1] if @config[:allow_hacks] && prop_name =~ /\A[*_]/

  return nil unless @config[:properties].include?(prop_name)

  # Work list: nested function arguments are appended and visited later.
  pending = prop[:children].dup
  seen    = ''
  cursor  = 0

  while cursor < pending.length
    child   = pending[cursor]
    cursor += 1
    value   = child[:value]

    case child[:node]
    when :bad_url
      return nil

    when :url
      required =
        if value =~ Sanitize::REGEX_PROTOCOL
          Regexp.last_match(1).downcase
        else
          :relative
        end
      return nil unless @config[:protocols].include?(required)

    when :ident
      seen << value if value.is_a?(String)

    when :function
      return nil if child.key?(:name) && child[:name].downcase == 'expression'

      if value.is_a?(Array)
        pending.concat(value)
      elsif value.is_a?(String)
        seen << value
        # Catches `expression` split across adjacent ident/function tokens.
        return nil if [value, seen].any? { |text| text.downcase == 'expression' }
      end
    end
  end

  prop
end

def stylesheet(css)

Returns:
  • (String) - Sanitized CSS stylesheet.
# Sanitizes a full CSS stylesheet.
#
# The input is parsed with Crass.parse, filtered in place by #tree!, and
# whatever is left is serialized back to a string.
#
# @param css [String] stylesheet text
# @return [String] sanitized CSS stylesheet
def stylesheet(css)
  parsed = Crass.parse(css,
    preserve_comments: @config[:allow_comments],
    preserve_hacks:    @config[:allow_hacks])

  tree!(parsed)
  Crass::Parser.stringify(parsed)
end

def tree!(tree)

Returns:
  • (Array) - Sanitized Crass CSS parse tree.
# Sanitizes a Crass parse tree in place and returns it.
#
# Each node is replaced by its sanitized form, or by nil when it is dropped.
# Only the node types handled below can survive; a node of any other type
# becomes nil.
#
# * :at_rule and :property nodes are delegated to #at_rule! / #property!.
# * :comment nodes are kept only when @config[:allow_comments] is truthy.
# * :style_rule nodes are kept and their :children sanitized recursively;
#   nothing else on the rule node is inspected here.
# * :whitespace nodes are kept as they are.
#
# @param tree [Array] Crass CSS parse tree
# @return [Array] the same array, sanitized
def tree!(tree)
  tree.map! do |node|
    next if node.nil?

    case node[:node]
    when :at_rule    then at_rule!(node)
    when :property   then property!(node)
    when :whitespace then node
    when :comment    then @config[:allow_comments] ? node : nil
    when :style_rule
      tree!(node[:children])
      node
    end
  end

  tree
end