To safelist tags and attributes in ActionText we need to inspect the source since I was unable to find anywhere in the documentation how to do so.
Rails has a separate gem for sanitizing which can be found here:
The gem is utilized within ActionText by the content helper here:
What we can do with these
mattr_accessors is override them by creating an
We can create a file called
config/initializers/action_text.rb and fill it with some custom contents for allowable things. Let's say for example we wanted to add table editing. We'd need to add
In addition, we may also want to add some additional attributes which we could also do here say perhaps
target for links.
# config/initializers/action_text.rb # Add table tags ActionText::ContentHelper.allowed_tags += ["table", "tr", "td", "th", "thead", "tbody"] # Add link attributes ActionText::ContentHelper.allowed_attributes += ["rel", "target"]
You can also see an example from @excid3 's latest ActionText episode:
If you're feeling real wild, you could even replace the sanitizer and scrubber with your own custom sanitizer / scrubber!
Top comments (0)