class Sanitize::CSS
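# Returns `true` if the given node (which may be of type `:url` or
# `:function`, since the CSS syntax can produce both) uses an allowlisted
# protocol.
#
# The check fails closed: any node shape other than the two handled below,
# and any value that is not a String where one is required, is rejected
# instead of raising or falling through to the relative-URL branch.
#
# @param node [Hash] parsed CSS node; reads `:node`, `:name` and `:value`
# @return [Boolean] whether the URL's protocol (or `:relative`, when the URL
#   has no protocol) is present in `@config[:protocols]`
def valid_url?(node)
  type = node[:node]

  if type == :function
    # Only a function literally named `url` (case-insensitive) is a URL.
    # A missing or non-String name is rejected rather than calling
    # `downcase` on it.
    name = node[:name]
    return false unless String === name && name.downcase == "url"
    return false unless Array === node[:value]

    # A URL function's `:value` should be an array containing no more than
    # one `:string` node and any number of `:whitespace` nodes.
    #
    # If it contains more than one `:string` node, or if it contains any
    # other nodes except `:whitespace` nodes, it's not valid. This keeps the
    # protocol check below looking at the function's only string argument.
    url_string_node = nil

    node[:value].each do |token|
      return false unless Hash === token

      case token[:node]
      when :string
        return false unless url_string_node.nil?

        url_string_node = token
      when :whitespace
        next
      else
        return false
      end
    end

    return false if url_string_node.nil?

    url = url_string_node[:value]
  elsif type == :url
    url = node[:value]
  else
    return false
  end

  # A non-String value cannot be inspected for a protocol, so it must not be
  # accepted as a relative URL by default.
  return false unless String === url

  protocol_match = Sanitize::REGEX_PROTOCOL.match(url)

  if protocol_match
    @config[:protocols].include?(protocol_match[1].downcase)
  else
    # No protocol found: allowed only when relative URLs are allowlisted.
    @config[:protocols].include?(:relative)
  end
end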