Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: cd5e64f7db
Branches Tags
zammad
/
config
/
initializers
/
html_sanitizer.rb

html_sanitizer.rb 4.1 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128 
  1. 

  2. # content of this tags will also be removed
    3. 

  3. Rails.application.config.html_sanitizer_tags_remove_content = %w[
    4. 

  4.   style
    5. 

  5. ]
    6. 

  6. 

  7. # content of this tags will will be inserted html quoted
    8. 

  8. Rails.application.config.html_sanitizer_tags_quote_content = %w[
    9. 

  9.   script
    10. 

  10. ]
    11. 

  11. 

  12. # only this tags are allowed
    13. 

  13. Rails.application.config.html_sanitizer_tags_whitelist = %w[
    14. 

  14.   a abbr acronym address area article aside audio
    15. 

  15.   b bdi bdo big blockquote br
    16. 

  16.   canvas caption center cite code col colgroup command
    17. 

  17.   datalist dd del details dfn dir div dl dt em
    18. 

  18.   figcaption figure footer h1 h2 h3 h4 h5 h6 header hr
    19. 

  19.   i img ins kbd label legend li map mark menu meter nav
    20. 

  20.   ol output optgroup option p pre q
    21. 

  21.   s samp section small span strike strong sub summary sup
    22. 

  22.   text table tbody td tfoot th thead time tr tt u ul var video
    23. 

  23. ]
    24. 

  24. 

  25. # attributes allowed for tags
    26. 

  26. Rails.application.config.html_sanitizer_attributes_whitelist = {
    27. 

  27.   :all         => %w[class dir lang title translate data-signature data-signature-id],
    28. 

  28.   'a'          => %w[href hreflang name rel],
    29. 

  29.   'abbr'       => %w[title],
    30. 

  30.   'blockquote' => %w[type cite],
    31. 

  31.   'col'        => %w[span width],
    32. 

  32.   'colgroup'   => %w[span width],
    33. 

  33.   'data'       => %w[value],
    34. 

  34.   'del'        => %w[cite datetime],
    35. 

  35.   'dfn'        => %w[title],
    36. 

  36.   'img'        => %w[align alt border height src srcset width style],
    37. 

  37.   'ins'        => %w[cite datetime],
    38. 

  38.   'li'         => %w[value],
    39. 

  39.   'ol'         => %w[reversed start type],
    40. 

  40.   'table'      => %w[align bgcolor border cellpadding cellspacing frame rules sortable summary width style],
    41. 

  41.   'td'         => %w[abbr align axis colspan headers rowspan valign width style],
    42. 

  42.   'th'         => %w[abbr align axis colspan headers rowspan scope sorted valign width style],
    43. 

  43.   'tr'         => %w[width style],
    44. 

  44.   'ul'         => %w[type],
    45. 

  45.   'q'          => %w[cite],
    46. 

  46.   'span'       => %w[style],
    47. 

  47.   'time'       => %w[datetime pubdate],
    48. 

  48. }
    49. 

  49. 

  50. # only this css properties are allowed
    51. 

  51. Rails.application.config.html_sanitizer_css_properties_whitelist = {
    52. 

  52.   'img' => %w[
    53. 

  53.     width height
    54. 

  54.     max-width min-width
    55. 

  55.     max-height min-height
    56. 

  56.   ],
    57. 

  57.   'span' => %w[
    58. 

  58.     color
    59. 

  59.   ],
    60. 

  60.   'table' => %w[
    61. 

  61.     background background-color color font-size vertical-align
    62. 

  62.     margin margin-top margin-right margin-bottom margin-left
    63. 

  63.     padding padding-top padding-right padding-bottom padding-left
    64. 

  64.     text-align
    65. 

  65.     border border-top border-right border-bottom border-left border-collapse border-style border-spacing
    66. 

  66. 

  67.     border-top-width
    68. 

  68.     border-right-width
    69. 

  69.     border-bottom-width
    70. 

  70.     border-left-width
    71. 

  71. 

  72.     border-top-color
    73. 

  73.     border-right-color
    74. 

  74.     border-bottom-color
    75. 

  75.     border-left-color
    76. 

  76.   ],
    77. 

  77.   'th' => %w[
    78. 

  78.     background background-color color font-size vertical-align
    79. 

  79.     margin margin-top margin-right margin-bottom margin-left
    80. 

  80.     padding padding-top padding-right padding-bottom padding-left
    81. 

  81.     text-align
    82. 

  82.     border border-top border-right border-bottom border-left border-collapse border-style border-spacing
    83. 

  83. 

  84.     border-top-width
    85. 

  85.     border-right-width
    86. 

  86.     border-bottom-width
    87. 

  87.     border-left-width
    88. 

  88. 

  89.     border-top-color
    90. 

  90.     border-right-color
    91. 

  91.     border-bottom-color
    92. 

  92.     border-left-color
    93. 

  93.   ],
    94. 

  94.   'tr' => %w[
    95. 

  95.     background background-color color font-size vertical-align
    96. 

  96.     margin margin-top margin-right margin-bottom margin-left
    97. 

  97.     padding padding-top padding-right padding-bottom padding-left
    98. 

  98.     text-align
    99. 

  99.     border border-top border-right border-bottom border-left border-collapse border-style border-spacing
    100. 

  100. 

  101.     border-top-width
    102. 

  102.     border-right-width
    103. 

  103.     border-bottom-width
    104. 

  104.     border-left-width
    105. 

  105. 

  106.     border-top-color
    107. 

  107.     border-right-color
    108. 

  108.     border-bottom-color
    109. 

  109.     border-left-color
    110. 

  110.   ],
    111. 

  111.   'td' => %w[
    112. 

  112.     background background-color color font-size vertical-align
    113. 

  113.     margin margin-top margin-right margin-bottom margin-left
    114. 

  114.     padding padding-top padding-right padding-bottom padding-left
    115. 

  115.     text-align
    116. 

  116.     border border-top border-right border-bottom border-left border-collapse border-style border-spacing
    117. 

  117. 

  118.     border-top-width
    119. 

  119.     border-right-width
    120. 

  120.     border-bottom-width
    121. 

  121.     border-left-width
    122. 

  122. 

  123.     border-top-color
    124. 

  124.     border-right-color
    125. 

  125.     border-bottom-color
    126. 

  126.     border-left-color
    127. 

  127.   ],
    128. 

  128. }
    129.