method

process_attributes_for

rails latest stable - Class: HTML::WhiteListSanitizer

process_attributes_for(node, options)

protected

No documentation available.

# File actionview/lib/action_view/vendor/html-scanner/html/sanitizer.rb, line 170
    def process_attributes_for(node, options)
      return unless node.attributes
      node.attributes.keys.each do |attr_name|
        value = node.attributes[attr_name].to_s

        if !options[:attributes].include?(attr_name) || contains_bad_protocols?(attr_name, value)
          node.attributes.delete(attr_name)
        else
          node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(CGI::unescapeHTML(value))
        end
      end
    end

process_attributes_for

Method deprecated or moved

Related methods