# Tags listed here are removed together with their content.
Rails.application.config.html_sanitizer_tags_remove_content = %w[style]
# The content of the tags listed here is inserted HTML-quoted, i.e. shown as
# text instead of being kept as markup.
Rails.application.config.html_sanitizer_tags_quote_content = %w[script]
# Tag whitelist: only the tags named here are allowed.
# script, style, iframe, object, embed, form, input, base, link and meta are
# not in this list.
# NOTE(review): `text` is not a standard HTML element name -- confirm that the
# entry is intentional.
Rails.application.config.html_sanitizer_tags_whitelist = %w[
  a abbr acronym address area article aside audio b bdi bdo big blockquote br
  canvas caption center cite code col colgroup command datalist dd del details
  dfn dir div dl dt em figcaption figure footer h1 h2 h3 h4 h5 h6 header hr
  i img ins kbd label legend li map mark menu meter nav ol output optgroup
  option p pre q s samp section small span strike strong sub summary sup
  text table tbody td tfoot th thead time tr tt u ul var video
]
# Attribute whitelist, keyed by tag name. The :all entry presumably applies to
# every allowed tag -- confirm against the sanitizer that reads this hash.
# No on* event-handler attribute and no `id` attribute appears anywhere below.
# NOTE(review): href, src, srcset and cite carry URLs; nothing in this file
# restricts their schemes, so confirm the sanitizer validates them.
# NOTE(review): `style` is allowed on img, table, td, th and span only.
# NOTE(review): the 'data' key has no matching entry in the tag whitelist, so
# it looks unused -- confirm.
Rails.application.config.html_sanitizer_attributes_whitelist = {
  all:          %w[class dir lang title translate data-signature data-signature-id],
  'a'        => %w[href hreflang name rel],
  'abbr'     => %w[title],
  'blockquote' => %w[type cite],
  'col'      => %w[span width],
  'colgroup' => %w[span width],
  'data'     => %w[value],
  'del'      => %w[cite datetime],
  'dfn'      => %w[title],
  'img'      => %w[align alt border height src srcset width style],
  'ins'      => %w[cite datetime],
  'li'       => %w[value],
  'ol'       => %w[reversed start type],
  'table'    => %w[
    align bgcolor border cellpadding cellspacing frame rules sortable summary
    width style
  ],
  'td'       => %w[abbr align axis colspan headers rowspan valign width style],
  'th'       => %w[
    abbr align axis colspan headers rowspan scope sorted valign width style
  ],
  'ul'       => %w[type],
  'q'        => %w[cite],
  'span'     => %w[style],
  'time'     => %w[datetime pubdate],
}
# CSS property whitelist, keyed by tag name: only these properties are allowed.
# This hash constrains property names only; any checking of property values
# would have to happen in the sanitizer that reads it.
# NOTE(review): 'tr' has an entry here, but the attribute whitelist in this
# file does not allow `style` on tr, so this entry may have no effect --
# confirm against the sanitizer.
# table, th, tr and td carry the same property list; each one is written out
# as its own array literal.
Rails.application.config.html_sanitizer_css_properties_whitelist = {
  'img' => %w[width height max-width min-width max-height min-height],
  'span' => %w[color],
  'table' => %w[
    background-color color padding margin text-align
    border border-collapse border-style
    border-top-width border-right-width border-bottom-width border-left-width
    border-top-color border-right-color border-bottom-color border-left-color
  ],
  'th' => %w[
    background-color color padding margin text-align
    border border-collapse border-style
    border-top-width border-right-width border-bottom-width border-left-width
    border-top-color border-right-color border-bottom-color border-left-color
  ],
  'tr' => %w[
    background-color color padding margin text-align
    border border-collapse border-style
    border-top-width border-right-width border-bottom-width border-left-width
    border-top-color border-right-color border-bottom-color border-left-color
  ],
  'td' => %w[
    background-color color padding margin text-align
    border border-collapse border-style
    border-top-width border-right-width border-bottom-width border-left-width
    border-top-color border-right-color border-bottom-color border-left-color
  ],
}