mirror of
https://github.com/discourse/discourse.git
synced 2024-11-22 09:42:02 +08:00
DEV: Don’t patch Sanitize::Config
Currently we’re reopening the `Sanitize::Config` class (which is part of the `sanitize` gem) to put our custom config for Onebox in it. This is unnecessary as we can simply create a dedicated module to hold our custom configuration.
This commit is contained in:
parent
1203121ac1
commit
46176b7dd7
|
@ -20,7 +20,7 @@ module Onebox
|
|||
load_paths: [File.join(Rails.root, "lib/onebox/templates")],
|
||||
allowed_ports: [80, 443],
|
||||
allowed_schemes: ["http", "https"],
|
||||
sanitize_config: Sanitize::Config::ONEBOX,
|
||||
sanitize_config: SanitizeConfig::ONEBOX,
|
||||
redirect_limit: 5
|
||||
}
|
||||
|
||||
|
|
|
@ -1,18 +0,0 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
module Onebox
|
||||
class DiscourseOneboxSanitizeConfig
|
||||
module Config
|
||||
DISCOURSE_ONEBOX ||=
|
||||
Sanitize::Config.freeze_config(
|
||||
Sanitize::Config.merge(
|
||||
Sanitize::Config::ONEBOX,
|
||||
attributes: Sanitize::Config.merge(
|
||||
Sanitize::Config::ONEBOX[:attributes],
|
||||
'aside' => [:data]
|
||||
)
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
end
|
|
@ -81,7 +81,7 @@ module Onebox
|
|||
end
|
||||
|
||||
def sanitize(html)
|
||||
config = @options[:sanitize_config] || Sanitize::Config::ONEBOX
|
||||
config = @options[:sanitize_config] || SanitizeConfig::ONEBOX
|
||||
config = config.merge(allowed_iframe_regexes: @options[:allowed_iframe_regexes])
|
||||
|
||||
Sanitize.fragment(html, config)
|
||||
|
|
|
@ -1,15 +1,14 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class Sanitize
|
||||
module Config
|
||||
|
||||
module Onebox
|
||||
module SanitizeConfig
|
||||
HTTP_PROTOCOLS ||= ['http', 'https', :relative].freeze
|
||||
|
||||
ONEBOX ||= freeze_config merge(RELAXED,
|
||||
elements: RELAXED[:elements] + %w[audio details embed iframe source video svg path],
|
||||
ONEBOX ||= Sanitize::Config.freeze_config(Sanitize::Config.merge(Sanitize::Config::RELAXED,
|
||||
elements: Sanitize::Config::RELAXED[:elements] + %w[audio details embed iframe source video svg path],
|
||||
|
||||
attributes: {
|
||||
'a' => RELAXED[:attributes]['a'] + %w(target),
|
||||
'a' => Sanitize::Config::RELAXED[:attributes]['a'] + %w(target),
|
||||
'audio' => %w[controls controlslist],
|
||||
'embed' => %w[height src type width],
|
||||
'iframe' => %w[allowfullscreen frameborder height scrolling src width data-original-href data-unsanitized-src],
|
||||
|
@ -29,7 +28,7 @@ class Sanitize
|
|||
}
|
||||
},
|
||||
|
||||
transformers: (RELAXED[:transformers] || []) + [
|
||||
transformers: (Sanitize::Config::RELAXED[:transformers] || []) + [
|
||||
lambda do |env|
|
||||
next unless env[:node_name] == 'a'
|
||||
a_tag = env[:node]
|
||||
|
@ -65,8 +64,19 @@ class Sanitize
|
|||
},
|
||||
|
||||
css: {
|
||||
properties: RELAXED[:css][:properties] + %w[--aspect-ratio]
|
||||
properties: Sanitize::Config::RELAXED[:css][:properties] + %w[--aspect-ratio]
|
||||
}
|
||||
)
|
||||
))
|
||||
|
||||
DISCOURSE_ONEBOX ||=
|
||||
Sanitize::Config.freeze_config(
|
||||
Sanitize::Config.merge(
|
||||
ONEBOX,
|
||||
attributes: Sanitize::Config.merge(
|
||||
ONEBOX[:attributes],
|
||||
'aside' => [:data]
|
||||
)
|
||||
)
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -425,7 +425,7 @@ module Oneboxer
|
|||
|
||||
onebox_options = {
|
||||
max_width: 695,
|
||||
sanitize_config: Onebox::DiscourseOneboxSanitizeConfig::Config::DISCOURSE_ONEBOX,
|
||||
sanitize_config: Onebox::SanitizeConfig::DISCOURSE_ONEBOX,
|
||||
allowed_iframe_origins: allowed_iframe_origins,
|
||||
hostname: GlobalSetting.hostname,
|
||||
facebook_app_access_token: SiteSetting.facebook_app_access_token,
|
||||
|
|
Loading…
Reference in New Issue
Block a user