# Tags listed here are dropped together with their content: the sanitizer
# removes the element and everything inside it, not just the tag itself.
Rails.application.config.html_sanitizer_tags_remove_content = %w(style)
# Tags listed here are not kept as markup: their content is inserted
# HTML-quoted (escaped) rather than removed.
Rails.application.config.html_sanitizer_tags_quote_content = %w(script)
# Only the tags named here are allowed through the sanitizer.
# `style` (see html_sanitizer_tags_remove_content) and `script`
# (see html_sanitizer_tags_quote_content) are deliberately absent.
# NOTE(review): `text` is not an HTML element name; presumably kept on
# purpose — confirm.
Rails.application.config.html_sanitizer_tags_whitelist = [
  # links, abbreviations, sectioning, image-map areas, audio
  *%w(a abbr acronym address area article aside audio),
  # inline formatting, bidi isolation/override, quotes, line breaks
  *%w(b bdi bdo big blockquote br),
  # canvas, table caption/columns, citations, code
  *%w(canvas caption center cite code col colgroup command),
  # form lists, definitions, deletions, disclosure widgets, generic blocks
  *%w(datalist dd del details dfn dir div dl dt em),
  # figures, page structure, headings, rules
  *%w(figcaption figure footer h1 h2 h3 h4 h5 h6 header hr),
  # inline text, images, insertions, form labels, lists, maps, menus, navigation
  *%w(i img ins kbd label legend li map mark menu meter nav),
  # ordered lists, form output/options, paragraphs, preformatted text, quotes
  *%w(ol output optgroup option p pre q),
  # strike-through, samples, sections, spans, emphasis, sub/superscript
  *%w(s samp section small span strike strong sub summary sup),
  # tables and their parts, time, teletype, underline, lists, variables, video
  *%w(text table tbody td tfoot th thead time tr tt u ul var video),
]
# Attributes the sanitizer keeps, per tag. The `all:` entry (by its name)
# applies to every tag; the string keys add tag-specific attributes on top.
# Every tag allowed to carry `style` here (img, table, td, th, tr, span) has a
# matching entry in html_sanitizer_css_properties_whitelist, which limits the
# CSS properties a style attribute may contain.
# NOTE(review): href/src/srcset carry URLs; the accepted URL schemes are not
# decided in this file — confirm the sanitizer restricts them.
# NOTE(review): 'data' is not in html_sanitizer_tags_whitelist, so its entry
# here has no effect unless that tag is added there.
Rails.application.config.html_sanitizer_attributes_whitelist = {
  all:          %w(class dir lang title translate data-signature data-signature-id),
  'a'          => %w(href hreflang name rel),
  'abbr'       => %w(title),
  'blockquote' => %w(type cite),
  'col'        => %w(span width),
  'colgroup'   => %w(span width),
  'data'       => %w(value),
  'del'        => %w(cite datetime),
  'dfn'        => %w(title),
  'img'        => %w(align alt border height src srcset width style),
  'ins'        => %w(cite datetime),
  'li'         => %w(value),
  'ol'         => %w(reversed start type),
  'table'      => %w(align bgcolor border cellpadding cellspacing frame rules sortable summary width style),
  'td'         => %w(abbr align axis colspan headers rowspan valign width style),
  'th'         => %w(abbr align axis colspan headers rowspan scope sorted valign width style),
  'tr'         => %w(width style),
  'ul'         => %w(type),
  'q'          => %w(cite),
  'span'       => %w(style),
  'time'       => %w(datetime pubdate),
}
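# Only these CSS properties are allowed inside a style="" attribute, per tag
# (the tags here are exactly those permitted to carry `style` in
# html_sanitizer_attributes_whitelist). The table-related tags share one
# list, defined once so the four entries cannot drift apart.
table_css_properties = %w(
  background background-color color font-size vertical-align
  margin margin-top margin-right margin-bottom margin-left
  padding padding-top padding-right padding-bottom padding-left
  text-align
  border border-top border-right border-bottom border-left border-collapse border-style border-spacing
  border-top-width border-right-width border-bottom-width border-left-width
  border-top-color border-right-color border-bottom-color border-left-color
)

Rails.application.config.html_sanitizer_css_properties_whitelist = {
  # images may only be sized (and bounded), not otherwise styled
  'img'   => %w(width height max-width min-width max-height min-height),
  # spans may only be coloured
  'span'  => %w(color),
  # each table tag gets its own copy so the entries stay independent objects
  'table' => table_css_properties.dup,
  'th'    => table_css_properties.dup,
  'tr'    => table_css_properties.dup,
  'td'    => table_css_properties.dup,
}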
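# CSS declarations that are rejected on table elements even when the
# property itself is whitelisted. Each of these would render the element,
# and any content inside it, invisible. One list, shared by all four tags,
# so the entries cannot drift apart.
# NOTE: the config key is spelled `backlist` (sic); it is kept unchanged
# because renaming it would change the key its consumers read.
invisible_table_declarations = [
  'font-size:0',
  'font-size:0px',
  'font-size:0em',
  'font-size:0%',
  'display:none',
  'visibility:hidden',
]

Rails.application.config.html_sanitizer_css_values_backlist = {
  # each tag gets its own copy so the entries stay independent objects
  'table' => invisible_table_declarations.dup,
  'th'    => invisible_table_declarations.dup,
  'tr'    => invisible_table_declarations.dup,
  'td'    => invisible_table_declarations.dup,
}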