I have some "namespaced" custom tags(developed with radius gem) that i would like to use in my rails application. I'd like to use sanitize gem to prevent xss-attacks, but there are no descriptions how to configure namespace in sani开发者_如何学Gotize. Is there any possible way?
The sanitize gem doesn't support namespaces. Briefly looking at the code for sanitize, neither the transform class that cleans elements nor the way it actually parses html gives Nokogiri (the xml parser underlying sanitize) the information it needs to be able to recognise and process namespaces), so without modifying sanitize to support this, it's not going to be possible.
You'll be able to see the tags without the prefixed-namespaces in sanitize, so if they all have custom names that don't collide with any other tags, you can specify those, but with sanitize as it is currently written, you can't filter namespace-specific tags.
As far as I know the sanitize gem just filters javascript and HTML from params in the controller. Perhaps its been extended since I last looked.
No, you can't namespace most gems. There are a few hacks to put wrappers around them with monkey patching. If needed I would google "ruby namespace collision" and you get something like this How to resolve Rails model namespace collision
精彩评论