/
basic_html.ex
55 lines (45 loc) · 2.09 KB
/
basic_html.ex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
defmodule HtmlSanitizeEx.Scrubber.BasicHTML do
@moduledoc """
Allows basic HTML tags to support user input for writing relatively
plain text with e.g. Markdown.
Does not allow any mailto-links, styling, HTML5 tags, video embeds etc.
"""
require HtmlSanitizeEx.Scrubber.Meta
alias HtmlSanitizeEx.Scrubber.Meta
@valid_schemes ["http", "https"]
# Removes any CDATA tags before the traverser/scrubber runs.
Meta.remove_cdata_sections_before_scrub
Meta.strip_comments
Meta.allow_tag_with_uri_attributes "a", ["href"], @valid_schemes
Meta.allow_tag_with_these_attributes "a", ["name", "title"]
Meta.allow_tag_with_these_attributes "b", []
Meta.allow_tag_with_these_attributes "blockquote", []
Meta.allow_tag_with_these_attributes "br", []
Meta.allow_tag_with_these_attributes "code", []
Meta.allow_tag_with_these_attributes "del", []
Meta.allow_tag_with_these_attributes "em", []
Meta.allow_tag_with_these_attributes "h1", []
Meta.allow_tag_with_these_attributes "h2", []
Meta.allow_tag_with_these_attributes "h3", []
Meta.allow_tag_with_these_attributes "h4", []
Meta.allow_tag_with_these_attributes "h5", []
Meta.allow_tag_with_these_attributes "hr", []
Meta.allow_tag_with_these_attributes "i", []
Meta.allow_tag_with_uri_attributes "img", ["src"], @valid_schemes
Meta.allow_tag_with_these_attributes "img", ["width", "height", "title", "alt"]
Meta.allow_tag_with_these_attributes "li", []
Meta.allow_tag_with_these_attributes "ol", []
Meta.allow_tag_with_these_attributes "p", []
Meta.allow_tag_with_these_attributes "pre", []
Meta.allow_tag_with_these_attributes "span", []
Meta.allow_tag_with_these_attributes "strong", []
Meta.allow_tag_with_these_attributes "table", []
Meta.allow_tag_with_these_attributes "tbody", []
Meta.allow_tag_with_these_attributes "td", []
Meta.allow_tag_with_these_attributes "th", []
Meta.allow_tag_with_these_attributes "thead", []
Meta.allow_tag_with_these_attributes "tr", []
Meta.allow_tag_with_these_attributes "u", []
Meta.allow_tag_with_these_attributes "ul", []
Meta.strip_everything_not_covered
end