feat: introduce Rails::HTML::Sanitizer.best_supported_vendor

CHANGELOG.md

@@ -1,6 +1,6 @@
 ## 1.6.0.rc1 / 2023-05-24
 
-* Sanitizers that use an HTML5 parser are now available on platforms supported by
+* HTML5 standards-compliant sanitizers are now available on platforms supported by
   Nokogiri::HTML5. These are available as:
 
   - `Rails::HTML5::FullSanitizer`
@@ -13,6 +13,9 @@
   Note that for symmetry `Rails::HTML4::Sanitizer` is also added, though its behavior is identical
   to the vendor class methods on `Rails::HTML::Sanitizer`.
 
+  Users may call `Rails::HTML::Sanitizer.best_supported_vendor` to get back the HTML5 vendor if it's
+  supported, else the legacy HTML4 vendor.
+
   *Mike Dalessio*
 
 * Module namespaces have changed, but backwards compatibility is provided by aliases.

lib/rails/html/sanitizer.rb

@@ -9,6 +9,10 @@ def html5_support?
 
           @html5_support = Loofah.respond_to?(:html5_support?) && Loofah.html5_support?
         end
+
+        def best_supported_vendor
+          html5_support? ? Rails::HTML5::Sanitizer : Rails::HTML4::Sanitizer
+        end
       end
 
       def sanitize(html, options = {})

test/rails_api_test.rb

@@ -17,6 +17,20 @@ def test_html_scrubber_class_names
     assert(Rails::Html::Sanitizer)
   end
 
+  def test_best_supported_vendor_when_html5_is_not_supported_returns_html4
+    Rails::HTML::Sanitizer.stub(:html5_support?, false) do
+      assert_equal(Rails::HTML4::Sanitizer, Rails::HTML::Sanitizer.best_supported_vendor)
+    end
+  end
+
+  def test_best_supported_vendor_when_html5_is_supported_returns_html5
+    skip("no HTML5 support on this platform") unless Rails::HTML::Sanitizer.html5_support?
+
+    Rails::HTML::Sanitizer.stub(:html5_support?, true) do
+      assert_equal(Rails::HTML5::Sanitizer, Rails::HTML::Sanitizer.best_supported_vendor)
+    end
+  end
+
   def test_html4_sanitizer_alias_full
     assert_equal(Rails::HTML4::FullSanitizer, Rails::HTML::FullSanitizer)
     assert_equal("Rails::HTML4::FullSanitizer", Rails::HTML::FullSanitizer.name)