mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Make Action Text's rendering helpers more configurable
- Allow configuring the sanitizer and its options - Split attachment rendering and sanitizing helpers so each can be overridden by applications
This commit is contained in:
parent
5454cc40c5
commit
0ec2a90754
1 changed files with 14 additions and 9 deletions
|
@ -4,20 +4,27 @@ require "rails-html-sanitizer"
|
|||
|
||||
module ActionText
|
||||
module ContentHelper
|
||||
SANITIZER = Rails::Html::Sanitizer.white_list_sanitizer
|
||||
ALLOWED_TAGS = SANITIZER.allowed_tags + [ ActionText::Attachment::TAG_NAME, "figure", "figcaption" ]
|
||||
ALLOWED_ATTRIBUTES = SANITIZER.allowed_attributes + ActionText::Attachment::ATTRIBUTES
|
||||
mattr_accessor(:sanitizer) { Rails::Html::Sanitizer.white_list_sanitizer.new }
|
||||
mattr_accessor(:allowed_tags) { sanitizer.class.allowed_tags + [ ActionText::Attachment::TAG_NAME, "figure", "figcaption" ] }
|
||||
mattr_accessor(:allowed_attributes) { sanitizer.class.allowed_attributes + ActionText::Attachment::ATTRIBUTES }
|
||||
mattr_accessor(:scrubber)
|
||||
|
||||
def render_action_text_content(content)
|
||||
content = content.render_attachments do |attachment|
|
||||
sanitize_action_text_content(render_action_text_attachments(content))
|
||||
end
|
||||
|
||||
def sanitize_action_text_content(content)
|
||||
sanitizer.sanitize(content.to_html, tags: allowed_tags, attributes: allowed_attributes, scrubber: scrubber).html_safe
|
||||
end
|
||||
|
||||
def render_action_text_attachments(content)
|
||||
content.render_attachments do |attachment|
|
||||
unless attachment.in?(content.gallery_attachments)
|
||||
attachment.node.tap do |node|
|
||||
node.inner_html = render(attachment, in_gallery: false).chomp
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
content = content.render_attachment_galleries do |attachment_gallery|
|
||||
end.render_attachment_galleries do |attachment_gallery|
|
||||
render(layout: attachment_gallery, object: attachment_gallery) do
|
||||
attachment_gallery.attachments.map do |attachment|
|
||||
attachment.node.inner_html = render(attachment, in_gallery: true).chomp
|
||||
|
@ -25,8 +32,6 @@ module ActionText
|
|||
end.join("").html_safe
|
||||
end.chomp
|
||||
end
|
||||
|
||||
sanitize content.to_html, tags: ALLOWED_TAGS, attributes: ALLOWED_ATTRIBUTES
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue