class Sanitize::Policy::Whitelist

Overview

This is a simple policy based on a tag and attribute whitelist.

This policy accepts only <div> and <p> tags with optional title attributes:

policy = Sanitize::Policy::Whitelist.new({
  "div" => Set{"title"},
  "p"   => Set{"title"},
})

The special * key applies to all tag names and can be used to allow global attributes:

This example is equivalent to the above. If more tag names were added, they would also accept title attributes.

policy = Sanitize::Policy::Whitelist.new({
  "div" => Set(String).new,
  "p"   => Set(String).new,
  "*"   => Set{"title"},
})

Attributes are always optional, so this policy won't enforce the presence of an attribute.

If a tag's attribute list is empty, no attributes are allowed for this tag.

Attribute values are not changed by this policy.

Direct Known Subclasses

Defined in:

policy/whitelist.cr

Constructors

Instance Method Summary

Instance methods inherited from class Sanitize::Policy

block_tag?(name) block_tag?, block_whitespace : String block_whitespace, block_whitespace=(block_whitespace : String) block_whitespace=, process(html : String | XML::Node) : String process, process_document(html : String | XML::Node) : String process_document, transform_tag(name : String, attributes : Hash(String, String)) : String | Processor::CONTINUE | Processor::STOP transform_tag, transform_text(text : String) : String | Nil transform_text

Constructor Detail

def self.new(accepted_attributes : Hash(String, Set(String))) #

[View source]

Instance Method Detail

def accepted_attributes : Hash(String, Set(String)) #

Mapping of accepted tag names and attributes.


[View source]
def accepted_attributes=(accepted_attributes : Hash(String, Set(String))) #

Mapping of accepted tag names and attributes.


[View source]
def global_attributes : Set(String) #

Short cut to accepted_attributes["*"].


[View source]
def transform_attributes(name : String, attributes : Hash(String, String)) : String | CONTINUE | STOP #

[View source]
def transform_tag(name : String, attributes : Hash(String, String)) : String | CONTINUE | STOP #
Description copied from class Sanitize::Policy

Receives the element name and attributes of an opening tag and returns the transformed element name (usually the same as the input name).

attributes are transformed directly in place.

Special return values:

  • Processor::CONTINUE: Tells the processor to strip the current tag but continue traversing its children.
  • Processor::CONTINUE: Tells the processor to skip the current tag and its children completely and move to the next sibling.

[View source]
def transform_text(text : String) : String | Nil #
Description copied from class Sanitize::Policy

Receives the content of a text node and returns the transformed content.

If the return value is nil, the content is skipped.


[View source]