module Card::Content::Clean
tools for cleaning content, especially for restricting unwanted HTML
Constants
- ALLOWED_TAGS
- ATTR_VALUE_RE
Public Instance Methods
Source
# File lib/card/content/clean.rb, line 37 def clean! string, tags=ALLOWED_TAGS cleaned = clean_tags string, tags cleaned = clean_spaces cleaned if Cardio.config.space_last_in_multispace cleaned end
Private Instance Methods
Source
# File lib/card/content/clean.rb, line 54 def clean_spaces string string.gsub(/(?:^|\b) ((?: )+)/, '\1 ') end
Source
# File lib/card/content/clean.rb, line 58 def clean_tag match, ok_tags tag = match[2].downcase return " " unless (ok_attrs = ok_tags[tag]) "<#{match[1]}#{html_attribs tag, match[3], ok_attrs}>" end
Source
# File lib/card/content/clean.rb, line 65 def html_attribs tag, raw_attr, ok_attrs ok_attrs.each_with_object([tag]) do |ok_attr, pcs| q, rest_value = process_attribute ok_attr, raw_attr pcs << "#{ok_attr}=#{q}#{rest_value}#{q}" unless rest_value.blank? end * " " end
Source
# File lib/card/content/clean.rb, line 72 def process_attribute attrib, all_attributes return ['"', nil] unless all_attributes =~ /\b#{attrib}\s*=\s*(?=(.))/i q = '"' rest_value = Regexp.last_match.post_match if (idx = %w[' "].index Regexp.last_match(1)) q = Regexp.last_match(1) end reg_exp = ATTR_VALUE_RE[idx || 2] rest_value = process_attribute_match rest_value, reg_exp, attrib [q, rest_value] end
Source
# File lib/card/content/clean.rb, line 86 def process_attribute_match rest_value, reg_exp, attrib return rest_value unless (match = rest_value.match reg_exp) rest_value = match[0] if attrib == "class" rest_value.split(/\s+/).grep(/^w-/i).join " " else rest_value end end
NOTE: allows classes beginning with “w-” (deprecated)