From 7ea45d5e89a1f4473080f21007bfaa644a1d4562 Mon Sep 17 00:00:00 2001 From: Dawa Ometto Date: Thu, 23 Jan 2014 19:29:20 +0100 Subject: [PATCH] Update sanitization.md Document customization of sanitation settings; see https://github.com/gollum/gollum/issues/759 --- docs/sanitization.md | 37 +++++++++++++++++++------------------ 1 file changed, 19 insertions(+), 18 deletions(-) diff --git a/docs/sanitization.md b/docs/sanitization.md index f54f7e8b..ae255b9c 100644 --- a/docs/sanitization.md +++ b/docs/sanitization.md 
@@ -2,31 +2,32 @@ Sanitization Rules ================== Gollum uses the [Sanitize](http://wonko.com/post/sanitize) gem for HTML -sanitization. +sanitization. Below you find the default allowed tags, attributes, and protocols, as well as directions to customize these settings. -See `lib/gollum.rb` for actual settings. +# Default Settings ## ALLOWED TAGS -a, abbr, acronym, address, area, b, big, blockquote, br, button, caption, -center, cite, code, col, colgroup, dd, del, dfn, dir, div, dl, dt, em, -fieldset, font, form, h1, h2, h3, h4, h5, h6, hr, i, img, input, ins, kbd, -label, legend, li, map, menu, ol, optgroup, option, p, pre, q, s, samp, -select, small, span, strike, strong, sub, sup, table, tbody, td, textarea, -tfoot, th, thead, tr, tt, u, ul, var +a, abbr, acronym, address, area, b, big, blockquote, br, button, caption, center, cite, code, col, colgroup, dd, del, dfn, dir, div, dl, dt, em, fieldset, font, form, h1, h2, h3, h4, h5, h6, hr, i, img, input, ins, kbd, label, legend, li, map, menu, ol, optgroup, option, p, pre, q, s, samp, select, small, span, strike, strong, sub, sup, table, tbody, td, textarea, tfoot, th, thead, tr, tt, u, ul, var ## ALLOWED ATTRIBUTES -abbr, accept, accept-charset, accesskey, action, align, alt, axis, border, -cellpadding, cellspacing, char, charoff, charset, checked, cite, class, clear, -cols, colspan, color, compact, coords, datetime, dir, disabled, enctype, for, -frame, headers, height, href, hreflang, hspace, id, ismap, label, lang, -longdesc, maxlength, media, method, multiple, name, nohref, noshade, nowrap, -prompt, readonly, rel, rev, rows, rowspan, rules, scope, selected, shape, -size, span, src, start, summary, tabindex, target, title, type, usemap, -valign, value, vspace, width +a href, abbr, accept, accept-charset, accesskey, action, align, alt, axis, border, cellpadding, cellspacing, char, charoff, class, charset, checked, cite, clear, cols, colspan, color, compact, coords, datetime, dir, disabled, enctype, for, 
frame, headers, height, hreflang, hspace, id, img src, ismap, label, lang, longdesc, maxlength, media, method, multiple, name, nohref, noshade, nowrap, prompt, readonly, rel, rev, rows, rowspan, rules, scope, selected, shape, size, span, start, summary, tabindex, target, title, type, usemap, valign, value, vspace, width ## ALLOWED PROTOCOLS -a href: http, https, mailto -img src: http, https \ No newline at end of file +a href: http, https, mailto, ftp, irc, apt, :relative +img src: http, https, :relative +form action: http, https, :relative + +# Customizing + +To customize these settings, edit your `config.rb` file along the following lines (be sure to run gollum with the `--config` option): + +```ruby +sanitizer = Gollum::Sanitization.new +sanitizer.protocols['a']['href'].concat ['ssh', 'vnc'] # Protocols +sanitizer.elements.concat ['customtag1', 'customtag2'] # Tags +sanitizer.attributes['a'].push 'target' # Attributes +Precious::App.set(:wiki_options, {:sanitization => sanitizer}) +```
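Review bot: the customization example's `sanitizer.attributes['a'].push 'target' # Attributes` is a no-op as written, because `target` already appears in the ALLOWED ATTRIBUTES list a few lines above (`tabindex, target, title`); pick an attribute that is actually absent from the defaults so the snippet demonstrates a real change, or mark it as a placeholder. Two smaller points in the same hunk: the new ALLOWED ATTRIBUTES line folds `a href` and `img src` into the middle of the global attribute list, where they read as attribute names rather than element-scoped pairs, so splitting them out into their own "element-specific attributes" line would match how the ALLOWED PROTOCOLS section already presents `a href:` / `img src:` / `form action:`; and the removed `See lib/gollum.rb for actual settings.` pointer was the only reference to the source of truth, which matters more now that the documented defaults are changing in this same hunk (`ftp, irc, apt, :relative` on `a href`, the new `form action` entry), so keeping that sentence under the new `# Default Settings` heading lets readers confirm the list against the code. Finally, since every `concat`/`push` in the Customizing snippet widens the HTML that user-submitted pages may emit, a sentence stating that these calls loosen the sanitizer (and that additions should be limited to what the wiki actually needs) would be a useful addition to the `# Customizing` text.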