ylqjgm
/
canvas-lms
mirror of https://github.com/instructure/canvas-lms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
canvas-lms/vendor/plugins/sanitize_field
History
Brian Palmer 74b9386d9c upgrade nokogiri and sanitize gems 
Updating to nokogiri 1.5.0 requires updating to sanitize 2.0.3 as well.

Since the API for sanitize changed, we take this opportunity to remove
the monkey patching in config/initializers, and use the actual
transformers plugin interface for sanitize.

The changes to html in the specs are due to nokogiri making a couple
changes around empty tags -- html5 wants <img> , not <img />

test plan: The existing specs exercise both gems, to ensure
compatibility.

Change-Id: Id04d017dda056e03205b373ac9bfbf71bd338cb9
Reviewed-on: https://gerrit.instructure.com/7988
Tested-by: Hudson <hudson@instructure.com>
Reviewed-by: Zach Wily <zach@instructure.com>
 		2012-01-10 20:57:59 -07:00
..
lib upgrade nokogiri and sanitize gems 2012-01-10 20:57:59 -07:00
README Initial commit. 2011-01-31 18:57:29 -07:00
Rakefile Initial commit. 2011-01-31 18:57:29 -07:00
init.rb Initial commit. 2011-01-31 18:57:29 -07:00

README

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

SanitizeField
=============

We want to be able to mix model fields with Sanitize configuration and
implement a sanitization in a before_save callback.

An alternative to this plugin might be using a Rails whitelist.  This
isn't developed, but is an idea on http://wonko.com/post/sanitize

  Rails::Initializer.run do |config|
    config.action_view.white_list_sanitizer = Sanitizer.new
    config.action_view.sanitized_allowed_tags = table, tr, td
    config.action_view.sanitized_allowed_attributes = id, class, style
  end

Our approach is finer-grained, and should work better for now at least.
There is also talk about an alternative 1.9/nokogiri approach to the
Sanitizer gem for more optimal performance.  Keeping our eyes open
about these issues.

Example
=======

class BasicExample < ActiveRecord::Base
  sanitize :body, Sanitize::Config::RELAXED
end

class Whatever < ActiveRecord::Base
  sanitize :body, :title, :elements => ['a', 'span'],
    :attributes => {'a' => ['href', 'title'], 'span' => ['class']},
    :protocols => {'a' => {'href' => ['http', 'https', 'mailto']}}
end

License
=======

Copyright (C) 2011 Instructure, Inc.

This file is part of Canvas.

Canvas is free software: you can redistribute it and/or modify it under
the terms of the GNU Affero General Public License as published by the Free
Software Foundation, version 3 of the License.

Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
details.

You should have received a copy of the GNU Affero General Public License along
with this program. If not, see <http://www.gnu.org/licenses/>.