
# Tags named here are dropped together with everything inside them
# (as opposed to the default of unwrapping a disallowed tag and keeping its text).
Rails.application.config.html_sanitizer_tags_remove_content = %w[style]

# Tag whitelist: only elements listed here survive sanitizing.
# NOTE(review): "text" is not an HTML element name; it is kept verbatim here
# because the sanitizer may give it a special meaning -- confirm before touching it.
Rails.application.config.html_sanitizer_tags_whitelist = %w[
  a abbr acronym address area article aside audio
  b bdi bdo big blockquote br
  canvas caption center cite code col colgroup command
  datalist dd del details dfn dir div dl dt em
  figcaption figure footer h1 h2 h3 h4 h5 h6 header hr
  i img ins kbd label legend li map mark menu meter nav
  ol output optgroup option p pre q
  s samp section small span strike strong sub summary sup
  text table tbody td tfoot th thead time tr tt u ul var video
]

# Attribute whitelist. The :all entry applies to every allowed tag; each string
# key names a tag and the additional attributes it may carry.
# NOTE(review): 'data' has no counterpart in the tag whitelist above, so its
# entry is presumably never consulted -- verify against the sanitizer.
# NOTE(review): 'style' is allowed on all tags; presumably the CSS property
# whitelist at the bottom of this file bounds its contents -- confirm in the
# sanitizer. Nothing in this file restricts the URL scheme of href/src/srcset;
# if such a check exists it lives in the sanitizer itself.
Rails.application.config.html_sanitizer_attributes_whitelist = {
  all: %w[class dir lang style title translate data-signature data-signature-id],
  'a' => %w[href hreflang name rel],
  'abbr' => %w[title],
  'blockquote' => %w[cite],
  'col' => %w[span width],
  'colgroup' => %w[span width],
  'data' => %w[value],
  'del' => %w[cite datetime],
  'dfn' => %w[title],
  'img' => %w[align alt border height src srcset width],
  'ins' => %w[cite datetime],
  'li' => %w[value],
  'ol' => %w[reversed start type],
  'table' => %w[align bgcolor border cellpadding cellspacing frame rules sortable summary width],
  'td' => %w[abbr align axis colspan headers rowspan valign width],
  'th' => %w[abbr align axis colspan headers rowspan scope sorted valign width],
  'ul' => %w[type],
  'q' => %w[cite],
  'time' => %w[datetime pubdate],
}

# CSS property whitelist: only these properties are permitted in inline styles.
Rails.application.config.html_sanitizer_css_properties_whitelist = %w[
  width height
  max-width min-width
  max-height min-height
]