SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265
							# Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/

# content of this tags will also be removed
Rails.application.config.html_sanitizer_tags_remove_content = %w[
  style
  comment
  meta
  script
  title
]

# content of this tags will will be inserted html quoted
Rails.application.config.html_sanitizer_tags_quote_content = %w[]

# only this tags are allowed
Rails.application.config.html_sanitizer_tags_allowlist = %w[
  a abbr acronym address area article aside audio
  b bdi bdo big blockquote br
  canvas caption center cite code col colgroup command
  datalist dd del details dfn dir div dl dt em
  figcaption figure footer h1 h2 h3 h4 h5 h6 header hr
  i img ins kbd label legend li map mark menu meter nav
  ol output optgroup option p pre q
  s samp section small span strike strong sub summary sup
  text table tbody td tfoot th thead time tr tt u ul var video
]

# attributes allowed for tags
Rails.application.config.html_sanitizer_attributes_allowlist = {
  :all         => %w[class dir lang title translate data-signature data-signature-id],
  'a'          => %w[href hreflang name rel data-target-id data-target-type data-mention-user-id],
  'abbr'       => %w[title],
  'blockquote' => %w[type cite],
  'col'        => %w[span width],
  'colgroup'   => %w[span width],
  'data'       => %w[value],
  'del'        => %w[cite datetime],
  'dfn'        => %w[title],
  'img'        => %w[align alt border height src srcset width style],
  'ins'        => %w[cite datetime],
  'li'         => %w[value],
  'ol'         => %w[reversed start type],
  'table'      => %w[align bgcolor border cellpadding cellspacing frame rules sortable summary width style],
  'td'         => %w[abbr align axis colspan headers rowspan valign width style],
  'th'         => %w[abbr align axis colspan headers rowspan scope sorted valign width style],
  'tr'         => %w[width style],
  'ul'         => %w[type],
  'q'          => %w[cite],
  'span'       => %w[style],
  'div'        => %w[style],
  'p'          => %w[style],
  'time'       => %w[datetime pubdate],
}

# only this css properties are allowed
Rails.application.config.html_sanitizer_css_properties_allowlist = {
  'img'   => %w[
    width height
    max-width min-width
    max-height min-height
  ],
  'span'  => %w[
    color
    background background-color
  ],
  'div'   => %w[
    color
  ],
  'p'     => %w[
    white-space
  ],
  'table' => %w[
    background background-color color font-size vertical-align
    margin margin-top margin-right margin-bottom margin-left
    padding padding-top padding-right padding-bottom padding-left
    text-align
    border border-top border-right border-bottom border-left border-collapse border-style border-spacing

    border-top-width border-right-width border-bottom-width border-left-width
    border-top-color border-right-color border-bottom-color border-left-color
    border-top-style border-right-style border-bottom-style border-left-style
    width
  ],
  'th'    => %w[
    background background-color color font-size vertical-align
    margin margin-top margin-right margin-bottom margin-left
    padding padding-top padding-right padding-bottom padding-left
    text-align
    border border-top border-right border-bottom border-left border-collapse border-style border-spacing

    border-top-width border-right-width border-bottom-width border-left-width
    border-top-color border-right-color border-bottom-color border-left-color
    border-top-style border-right-style border-bottom-style border-left-style
    width
  ],
  'tr'    => %w[
    background background-color color font-size vertical-align
    margin margin-top margin-right margin-bottom margin-left
    padding padding-top padding-right padding-bottom padding-left
    text-align
    border border-top border-right border-bottom border-left border-collapse border-style border-spacing

    border-top-width border-right-width border-bottom-width border-left-width
    border-top-color border-right-color border-bottom-color border-left-color
    border-top-style border-right-style border-bottom-style border-left-style
    width
  ],
  'td'    => %w[
    background background-color color font-size vertical-align
    margin margin-top margin-right margin-bottom margin-left
    padding padding-top padding-right padding-bottom padding-left
    text-align
    border border-top border-right border-bottom border-left border-collapse border-style border-spacing

    border-top-width border-right-width border-bottom-width border-left-width
    border-top-color border-right-color border-bottom-color border-left-color
    border-top-style border-right-style border-bottom-style border-left-style
    width
  ],
}

Rails.application.config.html_sanitizer_css_values_blocklist = {
  'div'   => [
    'color:white',
    'color:black',
    'color:#000',
    'color:#000000',
    'color:#fff',
    'color:#ffffff',
    'color:rgb(0,0,0)',
  ],
  'span'  => [
    'color:white',
    'color:black',
    'color:#000',
    'color:#000000',
    'color:#fff',
    'color:#ffffff',
    'color:rgb(0,0,0)',
  ],
  'p'     => [
    'white-space:nowrap',
    'white-space:pre',
  ],
  'table' => [
    'font-size:0',
    'font-size:0px',
    'font-size:0pt',
    'font-size:0em',
    'font-size:0%',
    'font-size:1',
    'font-size:1px',
    'font-size:1pt',
    'font-size:1em',
    'font-size:1%',
    'font-size:2',
    'font-size:2px',
    'font-size:2pt',
    'font-size:2em',
    'font-size:2%',
    'font-size:3',
    'font-size:3px',
    'font-size:3pt',
    'font-size:3em',
    'font-size:3%',
    'display:none',
    'visibility:hidden',
    'width:0',
    'width:0px',
    'width:0pt',
    'width:0em',
    'width:0cm',
    'width:0%',
  ],
  'th'    => [
    'font-size:0',
    'font-size:0px',
    'font-size:0pt',
    'font-size:0em',
    'font-size:0%',
    'font-size:1',
    'font-size:1px',
    'font-size:1pt',
    'font-size:1em',
    'font-size:1%',
    'font-size:2',
    'font-size:2px',
    'font-size:2pt',
    'font-size:2em',
    'font-size:2%',
    'font-size:3',
    'font-size:3px',
    'font-size:3pt',
    'font-size:3em',
    'font-size:3%',
    'display:none',
    'visibility:hidden',
    'width:0',
    'width:0px',
    'width:0pt',
    'width:0em',
    'width:0cm',
    'width:0%',
  ],
  'tr'    => [
    'font-size:0',
    'font-size:0px',
    'font-size:0pt',
    'font-size:0em',
    'font-size:0%',
    'font-size:1',
    'font-size:1px',
    'font-size:1pt',
    'font-size:1em',
    'font-size:1%',
    'font-size:2',
    'font-size:2px',
    'font-size:2pt',
    'font-size:2em',
    'font-size:2%',
    'font-size:3',
    'font-size:3px',
    'font-size:3pt',
    'font-size:3em',
    'font-size:3%',
    'display:none',
    'visibility:hidden',
    'width:0',
    'width:0px',
    'width:0pt',
    'width:0em',
    'width:0cm',
    'width:0%',
  ],
  'td'    => [
    'font-size:0',
    'font-size:0px',
    'font-size:0pt',
    'font-size:0em',
    'font-size:0%',
    'font-size:1',
    'font-size:1px',
    'font-size:1pt',
    'font-size:1em',
    'font-size:1%',
    'font-size:2',
    'font-size:2px',
    'font-size:2pt',
    'font-size:2em',
    'font-size:2%',
    'font-size:3',
    'font-size:3px',
    'font-size:3pt',
    'font-size:3em',
    'font-size:3%',
    'display:none',
    'visibility:hidden',
    'width:0',
    'width:0px',
    'width:0pt',
    'width:0em',
    'width:0cm',
    'width:0%',
  ],
}