ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
canvas-lms/gems/canvas_sanitize
History
Ethan Vizitei 3f706051c4 Add the directionality plugin for tinymce 
closes CNVS-19413

folks have been requesting RTL support.  This uses
tinymce's core plugin to provide it.  Unfortunately that adds
another two buttons to the toolbar.  :(

wraps the directionality plugin in an AMD wrapper, and adds it
to our default configuration

Also prevents canvas from stripping out the "dir" element
when HTML scrubbing

TEST PLAN:
 - go to any RCE
 - see the two new buttons for RTL and LTR
 - use them to change back and forth, make sure it doesn't break
 - ensure that our custom plugins don't interact badly with it. (I've
   done a cursory code read and some clicking around, but that would
   be my biggest concern)

Change-Id: I0884b65a99ec0e1db8c6abd82711a35799a062dd
Reviewed-on: https://gerrit.instructure.com/50672
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
Reviewed-by: Rob Orton <rob@instructure.com>
Product-Review: Ethan Vizitei <evizitei@instructure.com>
 		2015-03-20 21:32:29 +00:00
..
lib Add the directionality plugin for tinymce 2015-03-20 21:32:29 +00:00
spec Add the directionality plugin for tinymce 2015-03-20 21:32:29 +00:00
Gemfile spec: canvas rspec rake task for vendored_gems 2014-02-24 05:47:34 +00:00
README.md convert sanitize field plugin into proper gem: CanvasSanitize 2014-01-28 22:36:18 +00:00
Rakefile convert sanitize field plugin into proper gem: CanvasSanitize 2014-01-28 22:36:18 +00:00
canvas_sanitize.gemspec Don't strip out lang attributes when sanitizing html 2015-03-16 21:18:11 +00:00

README.md

SanitizeField

We want to be able to mix model fields with Sanitize configuration and implement a sanitization in a before_save callback.

An alternative to this plugin might be using a Rails whitelist. This isn't developed, but is an idea on http://wonko.com/post/sanitize

Rails::Initializer.run do |config| config.action_view.white_list_sanitizer = Sanitizer.new config.action_view.sanitized_allowed_tags = table, tr, td config.action_view.sanitized_allowed_attributes = id, class, style end

Our approach is finer-grained, and should work better for now at least. There is also talk about an alternative 1.9/nokogiri approach to the Sanitizer gem for more optimal performance. Keeping our eyes open about these issues.

Example

class BasicExample < ActiveRecord::Base sanitize :body, Sanitize::Config::RELAXED end

class Whatever < ActiveRecord::Base sanitize :body, :title, :elements => ['a', 'span'], :attributes => {'a' => ['href', 'title'], 'span' => ['class']}, :protocols => {'a' => {'href' => ['http', 'https', 'mailto']}} end

License

Copyright (C) 2011 Instructure, Inc.

This file is part of Canvas.

Canvas is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, version 3 of the License.

Canvas is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see http://www.gnu.org/licenses/.