Rails 5 whitelist css property for sanitize helper
Problem description
I need to allow inline "style=position: absolute;" output by sanitize(post.content). I found documentation for Rails 4 that said
config.action_view.sanitized_allowed_css_properties = ['position']
in application.rb would add properties to the whitelist, but I can't find documentation whether this is still the case for Rails 5 and it doesn't appear to be working after restarting the server multiple times. Is there a way to easily add whitelisted css properties? This answer for Rails 4 suggests a monkey patch, but I'm not sure where or how to do so.
Update: installing gem rails-deprecated_sanitizer allowed the above config line to work, so it looks like sanitized_allowed_css_properties is deprecated. Surely there's a way to do this in Rails 5? I can't step back to 4, and I need to whitelist inline style position in order to get a third party plugin to work (CKEditor + Iframely)
Recommended answer
You can add multiple CSS properties to the whitelist in Loofah for the Rails 5 sanitizer.
Loofah::HTML5::WhiteList::ALLOWED_CSS_PROPERTIES.merge %w(position background-image left list-style min-width top z-index)
Add the above line in application.rb (again, not sure how safe this is).
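The constant changed above is process-wide, so every sanitize call in the app starts accepting those properties. As an added example (not part of the original answer, and not Loofah's or Rails' code), this stand-alone Ruby filter shows a narrower policy for a style attribute, where position is accepted only with listed values. The names filter_style, PLAIN_PROPERTIES, RESTRICTED_PROPERTIES and the sample string are assumptions constructed for illustration.

```ruby
# Added example: stand-alone style-attribute filter, standard library only.
# Not Loofah's or Rails' implementation; all names here are hypothetical.
require "set"

# Properties accepted with any simple value (lengths, percentages, keywords).
PLAIN_PROPERTIES = Set.new(%w[left top width height padding-bottom border]).freeze

# Properties accepted only with specific values. `fixed` and `sticky` are
# left out so embedded content cannot pin itself over the rest of the page.
RESTRICTED_PROPERTIES = {
  "position" => Set.new(%w[relative absolute static]).freeze
}.freeze

# Values limited to letters, digits, units and percentages: this rejects
# url(), expression(), quotes, backslashes, comments and !important.
SIMPLE_VALUE = /\A[a-z0-9%.\- ]+\z/

# Returns the style string with only the permitted declarations, normalized
# to lower case. Anything unparseable or not allowlisted is dropped.
def filter_style(style)
  kept = style.to_s.split(";").map do |declaration|
    parts = declaration.split(":", 2)
    next unless parts.length == 2

    property, value = parts.map { |part| part.strip.downcase }
    next if property.empty? || !value.match?(SIMPLE_VALUE)

    allowed_values = RESTRICTED_PROPERTIES[property]
    if allowed_values
      next unless allowed_values.include?(value)
    else
      next unless PLAIN_PROPERTIES.include?(property)
    end
    "#{property}: #{value}"
  end
  kept.compact.join("; ")
end

# Constructed sample, modeled on a responsive iframe embed wrapper.
SAMPLE_EMBED_STYLE = "left: 0; width: 100%; height: 0; position: relative; padding-bottom: 56.25%;"

puts filter_style(SAMPLE_EMBED_STYLE) if __FILE__ == $PROGRAM_NAME
```

A filter like this would run on each style attribute of user-submitted HTML before rendering, in place of widening the global property list.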