class Sanitize::URISanitizer

Overview

A URISanitizer is used to validate and transform a URI based on specified rules.

Defined in:

uri_sanitizer.cr

Constructors

Instance Method Summary

Constructor Detail

def self.new(accepted_schemes : Set(String) | Nil = Set {"http", "https", "mailto", "tel"}) #

[View source]

Instance Method Detail

def accept_scheme(scheme : String) #

Adds scheme to #accepted_schemes.


[View source]
def accepted_hosts : Set(String) | Nil #

Specifies a whitelist of hosts this sanitizer accepts.

If empty, no hosts are accepted (i.e. only relative URIs are valid). If nil, all hosts are accepted (default).

The blacklist #rejected_hosts has precedence over this whitelist.


[View source]
def accepted_hosts=(accepted_hosts : Set(String) | Nil) #

Specifies a whitelist of hosts this sanitizer accepts.

If empty, no hosts are accepted (i.e. only relative URIs are valid). If nil, all hosts are accepted (default).

The blacklist #rejected_hosts has precedence over this whitelist.


[View source]
def accepted_schemes : Set(String) | Nil #

Specifies a whitelist of URI schemes this sanitizer accepts.

If empty, no schemes are accepted (i.e. only relative URIs are valid). If nil, all schemes are accepted (this setting is potentially dangerous).

Relative URIs are not affected by this setting.


[View source]
def accepted_schemes=(accepted_schemes : Set(String) | Nil) #

Specifies a whitelist of URI schemes this sanitizer accepts.

If empty, no schemes are accepted (i.e. only relative URIs are valid). If nil, all schemes are accepted (this setting is potentially dangerous).

Relative URIs are not affected by this setting.


[View source]
def accepts_host?(host) #

[View source]
def accepts_scheme?(scheme) #

[View source]
def base_url : URI | Nil #

Specifies a base URL all relative URLs are resolved against.

If nil, relative URLs are not resolved.


[View source]
def base_url=(base_url : URI | Nil) #

Specifies a base URL all relative URLs are resolved against.

If nil, relative URLs are not resolved.


[View source]
def rejected_hosts : Set(String) #

Specifies a blacklist of hosts this sanitizer rejects.

If empty, no hosts are rejected.

This blacklist has precedence over the whitelist #accepted_hosts.


[View source]
def rejected_hosts=(rejected_hosts : Set(String)) #

Specifies a blacklist of hosts this sanitizer rejects.

If empty, no hosts are rejected.

This blacklist has precedence over the whitelist #accepted_hosts.


[View source]
def resolve_base_url(uri) #

[View source]
def resolve_fragment_urls : Bool #

Configures whether fragment-only URIs are resolved on #base_url.

sanitizer = Sanitize::URISanitizer.new
sanitizer.base_url = URI.parse("https://example.com/base/")
sanitizer.sanitize(URI.parse("#foo")) # => "#foo"

sanitizer.resolve_fragment_urls = true
sanitizer.sanitize(URI.parse("#foo")) # => "https://example.com/base/#foo"

[View source]
def resolve_fragment_urls=(resolve_fragment_urls : Bool) #

Configures whether fragment-only URIs are resolved on #base_url.

sanitizer = Sanitize::URISanitizer.new
sanitizer.base_url = URI.parse("https://example.com/base/")
sanitizer.sanitize(URI.parse("#foo")) # => "#foo"

sanitizer.resolve_fragment_urls = true
sanitizer.sanitize(URI.parse("#foo")) # => "https://example.com/base/#foo"

[View source]
def sanitize(uri : URI) : URI | Nil #

[View source]