
# Tags whose element AND text content are both dropped from sanitized HTML.
# This is the strictest of the three tag lists in this file: the element body
# does not survive in any form (contrast the quote list right below, which
# keeps the body as escaped text).
Rails.application.config.html_sanitizer_tags_remove_content = ['style']
# Tags whose element is removed but whose content is re-inserted HTML-escaped,
# i.e. the script body ends up as visible literal text instead of executing.
# NOTE(review): this deliberately surfaces the payload to the reader rather
# than dropping it silently — confirm that is the intended behaviour (e.g. to
# keep evidence of injection attempts visible) and not an oversight.
Rails.application.config.html_sanitizer_tags_quote_content = ['script']
# Tag allowlist: every element not named here is stripped by the sanitizer.
#
# Review notes on this list (behaviour left unchanged):
#  - Allowing `a`, `img`, `audio` and `video` admits URL-bearing elements; this
#    list says nothing about URL schemes, so rejecting javascript:/data: URLs
#    (and deciding whether remote loads are acceptable) has to happen in the
#    sanitizer code that consumes this config — confirm it does.
#  - `text` is not an HTML element (it exists in SVG, and `svg` is not listed);
#    it looks like a stray entry.
#  - `data` has an attribute entry further down but is NOT listed here, so that
#    attribute entry is dead config unless the tag is meant to be allowed.
Rails.application.config.html_sanitizer_tags_whitelist = %w[
  a abbr acronym address area article aside audio b bdi bdo big blockquote br
  canvas caption center cite code col colgroup command
  datalist dd del details dfn dir div dl dt em
  figcaption figure footer h1 h2 h3 h4 h5 h6 header hr
  i img ins kbd label legend li map mark menu meter nav
  ol output optgroup option p pre q
  s samp section small span strike strong sub summary sup
  text table tbody td tfoot th thead time tr tt u ul var video
]
# Attribute allowlist, keyed by tag name. The `:all` entry (symbol key — keep it,
# the consumer looks it up that way) applies to every allowed tag; string keys
# add per-tag attributes on top.
#
# Review notes (behaviour left unchanged):
#  - This list accepts an attribute by NAME only. `href`, `src`, `srcset` and
#    `cite` carry URLs, so scheme filtering (javascript:, data:, vbscript:) and
#    any policy on remote image loads (tracking pixels) must be enforced by the
#    sanitizer on the VALUE — this file cannot express that; confirm it is done.
#  - `style` is only granted to img/table/td/th/tr/span, which are exactly the
#    tags that have a CSS property allowlist below; keep the two in sync when
#    adding `style` anywhere else, or inline CSS would pass unfiltered.
#  - `data-signature*` / `data-target-*` look application-specific; they are
#    passed through unchanged, so whatever reads them must not trust them.
#  - `'data'` is not in the tag allowlist above (see note there).
Rails.application.config.html_sanitizer_attributes_whitelist = {
  :all         => %w[class dir lang title translate data-signature data-signature-id],
  'a'          => %w[href hreflang name rel data-target-id data-target-type],
  'abbr'       => %w[title],
  'blockquote' => %w[type cite],
  'col'        => %w[span width],
  'colgroup'   => %w[span width],
  'data'       => %w[value],
  'del'        => %w[cite datetime],
  'dfn'        => %w[title],
  'img'        => %w[align alt border height src srcset width style],
  'ins'        => %w[cite datetime],
  'li'         => %w[value],
  'ol'         => %w[reversed start type],
  'table'      => %w[align bgcolor border cellpadding cellspacing frame rules sortable summary width style],
  'td'         => %w[abbr align axis colspan headers rowspan valign width style],
  'th'         => %w[abbr align axis colspan headers rowspan scope sorted valign width style],
  'tr'         => %w[width style],
  'ul'         => %w[type],
  'q'          => %w[cite],
  'span'       => %w[style],
  'time'       => %w[datetime pubdate],
}
# CSS property allowlist for inline `style` attributes, keyed by tag name.
# Only the listed properties survive; everything else in the declaration is
# dropped. The four table-related tags share one identical list, so it is
# defined once here (each tag still receives its own array copy, exactly as
# before, in case the consumer mutates per-tag entries).
#
# Review notes (behaviour left unchanged):
#  - `background` is a shorthand that can carry `url(...)`. This allowlist only
#    admits the property name, so preventing remote resource loads via
#    `background: url(https://tracker/...)` depends on the sanitizer rejecting
#    url() values — confirm, or restrict to `background-color`.
#  - `display`, `position`, `opacity` and friends are absent, which is what
#    keeps most "hidden content" tricks out; the value denylist below is only a
#    backstop for properties that ARE allowed here (notably `font-size`).
table_cell_css_properties = %w[
  background background-color color font-size vertical-align
  margin margin-top margin-right margin-bottom margin-left
  padding padding-top padding-right padding-bottom padding-left
  text-align
  border border-top border-right border-bottom border-left border-collapse border-style border-spacing
  border-top-width border-right-width border-bottom-width border-left-width
  border-top-color border-right-color border-bottom-color border-left-color
  border-top-style border-right-style border-bottom-style border-left-style
]

Rails.application.config.html_sanitizer_css_properties_whitelist = {
  # sizing only — no positioning, so an image cannot be laid over other content
  'img'   => %w[width height max-width min-width max-height min-height],
  'span'  => %w[color],
  'table' => table_cell_css_properties.dup,
  'th'    => table_cell_css_properties.dup,
  'tr'    => table_cell_css_properties.dup,
  'td'    => table_cell_css_properties.dup,
}
# Denylist of exact `property:value` strings that are rejected even though the
# property itself is allowed above — aimed at declarations that make table
# content invisible. The same six entries apply to table/th/tr/td, so they are
# defined once and copied per tag (same keys, same order, same values as before).
#
# The config key is spelled `backlist` (sic); it is what the consumer reads,
# so it must not be "corrected" here without changing the reader too.
#
# Review notes (behaviour left unchanged):
#  - These are literal strings, so matching depends on the sanitizer normalizing
#    whitespace and case first (`font-size : 0`, `FONT-SIZE:0`) — confirm.
#  - `font-size` IS allowlisted for these tags, and this list only names four
#    zero spellings: `font-size:0pt`, `font-size:0rem`, `font-size:0.0px` and
#    `font-size:1px` all pass. Hidden text via `color` equal to the background
#    is not covered either. A denylist of exact values cannot close this; if
#    hidden content matters, the sanitizer should parse the numeric value and
#    enforce a minimum instead.
#  - `display` and `visibility` are not allowlisted for these tags, so those two
#    entries are belt-and-braces rather than the actual control.
hidden_content_css_values = [
  'font-size:0',
  'font-size:0px',
  'font-size:0em',
  'font-size:0%',
  'display:none',
  'visibility:hidden',
]

Rails.application.config.html_sanitizer_css_values_backlist =
  %w[table th tr td].each_with_object({}) do |tag, denylist|
    denylist[tag] = hidden_content_css_values.dup
  end