Improve Scrubber documentations #91

Merged
merged 1 commit into from
May 22, 2019
36 changes: 18 additions & 18 deletions lib/rails/html/scrubbers.rb
Expand Up @@ -2,9 +2,9 @@ module Rails
module Html
# === Rails::Html::PermitScrubber
#
# Rails::Html::PermitScrubber allows you to permit only your own tags and/or attributes.
# +Rails::Html::PermitScrubber+ allows you to permit only your own tags and/or attributes.
#
# Rails::Html::PermitScrubber can be subclassed to determine:
# +Rails::Html::PermitScrubber+ can be subclassed to determine:
# - When a node should be skipped via +skip_node?+.
# - When a node is allowed via +allowed_node?+.
# - When an attribute should be scrubbed via +scrub_attribute?+.
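Review bot: On the two changed lines, +Rails::Html::PermitScrubber+ places a namespaced constant inside RDoc's +...+ markup, which RDoc documents for single words; text containing punctuation such as :: is what <tt>...</tt> is for. Please check the generated output and, if the plus signs appear literally, switch to <tt>Rails::Html::PermitScrubber</tt>. The same check applies to the other class names this patch wraps in plus signs.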
Expand All @@ -27,22 +27,22 @@ module Html
# If set, attributes excluded will be removed.
# If not, attributes are removed based on Loofahs +HTML5::Scrub.scrub_attributes+.
#
# class CommentScrubber < Html::PermitScrubber
# def initialize
# super
# self.tags = %w(form script comment blockquote)
# end
# class CommentScrubber < Html::PermitScrubber
# def initialize
# super
# self.tags = %w(form script comment blockquote)
# end
#
# def skip_node?(node)
# node.text?
# end
# def skip_node?(node)
# node.text?
# end
#
# def scrub_attribute?(name)
# name == "style"
# end
# end
# def scrub_attribute?(name)
# name == "style"
# end
# end
#
# See the documentation for Nokogiri::XML::Node to understand what's possible
# See the documentation for +Nokogiri::XML::Node+ to understand what's possible
# with nodes: https://nokogiri.org/rdoc/Nokogiri/XML/Node.html
class PermitScrubber < Loofah::Scrubber
attr_reader :tags, :attributes
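Review bot: The re-indented example still sets self.tags = %w(form script comment blockquote) on a subclass of PermitScrubber, whose comment says the tags you set are the ones permitted, so the sample a reader is most likely to copy lets script and form elements through sanitization. Since these lines are being touched anyway, consider a list of inert tags in the example, such as %w(p em strong blockquote), or add a sentence saying the list is illustrative and not a recommended permit list.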
Expand Down Expand Up @@ -160,8 +160,8 @@ def scrub_attribute(node, attr_node)

# === Rails::Html::TargetScrubber
#
# Where Rails::Html::PermitScrubber picks out tags and attributes to permit in
# sanitization, Rails::Html::TargetScrubber targets them for removal.
# Where +Rails::Html::PermitScrubber+ picks out tags and attributes to permit in
# sanitization, +Rails::Html::TargetScrubber+ targets them for removal.
#
# +tags=+
# If set, elements included will be stripped.
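Review bot: Under +tags=+ in the TargetScrubber comment, "elements included will be stripped" uses "stripped" without defining it, while the TextOnlyScrubber comment later in this file spells it out as "element is removed but its subtree kept". Suggest repeating that definition here and stating what happens to elements that are not listed, since a reader choosing between this class and PermitScrubber needs to know whether unlisted elements pass through unchanged.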
Expand All @@ -180,7 +180,7 @@ def scrub_attribute?(name)

# === Rails::Html::TextOnlyScrubber
#
# Rails::Html::TextOnlyScrubber allows you to permit text nodes.
# +Rails::Html::TextOnlyScrubber+ allows you to permit text nodes.
#
# Unallowed elements will be stripped, i.e. element is removed but its subtree kept.
class TextOnlyScrubber < Loofah::Scrubber
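Review bot: "allows you to permit text nodes" on the changed line stays vague after the markup fix, and it reads as if something were configurable. The next sentence says unallowed elements are stripped with their subtree kept, which as described means the text inside a removed element remains in the output. Suggest saying so directly, for example "removes all elements and keeps only their text", so callers do not assume the content of stripped elements is dropped.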