34 lines
784 B
Ruby
34 lines
784 B
Ruby
module NoteSanitizer
|
|
ALLOWED_ELEMENTS = %w(
|
|
code center tn h1 h2 h3 h4 h5 h6 a span div blockquote br p ul li ol em
|
|
strong small big b i font u s pre ruby rb rt rp rtc sub sup hr wbr
|
|
)
|
|
|
|
ALLOWED_ATTRIBUTES = {
|
|
:all => %w(style title),
|
|
"a" => %w(href),
|
|
"span" => %w(class),
|
|
"div" => %w(class align),
|
|
"p" => %w(class align),
|
|
"font" => %w(color size),
|
|
}
|
|
|
|
def self.sanitize(text)
|
|
text.gsub!(/<( |-|3|:|>|\Z)/, "<\\1")
|
|
|
|
Sanitize.clean(
|
|
text,
|
|
:elements => ALLOWED_ELEMENTS,
|
|
:attributes => ALLOWED_ATTRIBUTES,
|
|
:protocols => {
|
|
"a" => {
|
|
"href" => ["http", "https", :relative]
|
|
}
|
|
},
|
|
:css => Sanitize::Config::RELAXED[:css].merge({
|
|
:protocols => []
|
|
})
|
|
)
|
|
end
|
|
end
|