feat: add HTML5::Sanitizer to provide a vendor interface for Rails

flavorjones · flavorjones · commit 7f485d6e8484 · 2023-05-17T12:18:40.000-04:00
Also add HTML4::Sanitizer for symmetry, which returns the exact same
set of sanitizers as HTML::Sanitizer.
diff --git a/lib/rails/html/sanitizer.rb b/lib/rails/html/sanitizer.rb
@@ -4,22 +4,6 @@ module Rails
   module HTML
     class Sanitizer
       class << self
-        def full_sanitizer
-          Rails::HTML4::FullSanitizer
-        end
-
-        def link_sanitizer
-          Rails::HTML4::LinkSanitizer
-        end
-
-        def safe_list_sanitizer
-          Rails::HTML4::SafeListSanitizer
-        end
-
-        def white_list_sanitizer # :nodoc:
-          safe_list_sanitizer
-        end
-
         def html5_support?
           return @html5_support if defined?(@html5_support)
 
@@ -209,6 +193,28 @@ def serialize(fragment)
   end
 
   module HTML4
+    module Sanitizer
+      module VendorMethods
+        def full_sanitizer
+          Rails::HTML4::FullSanitizer
+        end
+
+        def link_sanitizer
+          Rails::HTML4::LinkSanitizer
+        end
+
+        def safe_list_sanitizer
+          Rails::HTML4::SafeListSanitizer
+        end
+
+        def white_list_sanitizer # :nodoc:
+          safe_list_sanitizer
+        end
+      end
+
+      extend VendorMethods
+    end
+
     # == Rails::HTML4::FullSanitizer
     #
     # Removes all tags from HTML4 but strips out scripts, forms and comments.
@@ -299,6 +305,26 @@ class SafeListSanitizer < Rails::HTML::Sanitizer
   end
 
   module HTML5
+    class Sanitizer
+      class << self
+        def full_sanitizer
+          Rails::HTML5::FullSanitizer
+        end
+
+        def link_sanitizer
+          Rails::HTML5::LinkSanitizer
+        end
+
+        def safe_list_sanitizer
+          Rails::HTML5::SafeListSanitizer
+        end
+
+        def white_list_sanitizer # :nodoc:
+          safe_list_sanitizer
+        end
+      end
+    end
+
     # == Rails::HTML5::FullSanitizer
     #
     # Removes all tags from HTML5 but strips out scripts, forms and comments.
@@ -389,6 +415,7 @@ class SafeListSanitizer < Rails::HTML::Sanitizer
   end if Rails::HTML::Sanitizer.html5_support?
 
   module HTML
+    Sanitizer.extend(HTML4::Sanitizer::VendorMethods) # :nodoc:
     FullSanitizer = HTML4::FullSanitizer # :nodoc:
     LinkSanitizer = HTML4::LinkSanitizer # :nodoc:
     SafeListSanitizer = HTML4::SafeListSanitizer # :nodoc:
diff --git a/test/rails_api_test.rb b/test/rails_api_test.rb
@@ -32,19 +32,43 @@ def test_html4_sanitizer_alias_safe_list
     assert_equal("Rails::HTML4::SafeListSanitizer", Rails::HTML::SafeListSanitizer.name)
   end
 
-  def test_full_sanitizer_returns_a_full_sanitizer
+  def test_html4_full_sanitizer
     assert_equal(Rails::HTML4::FullSanitizer, Rails::HTML::Sanitizer.full_sanitizer)
+    assert_equal(Rails::HTML4::FullSanitizer, Rails::HTML4::Sanitizer.full_sanitizer)
   end
 
-  def test_link_sanitizer_returns_a_link_sanitizer
+  def test_html4_link_sanitizer
     assert_equal(Rails::HTML4::LinkSanitizer, Rails::HTML::Sanitizer.link_sanitizer)
+    assert_equal(Rails::HTML4::LinkSanitizer, Rails::HTML4::Sanitizer.link_sanitizer)
   end
 
-  def test_safe_list_sanitizer_returns_a_safe_list_sanitizer
+  def test_html4_safe_list_sanitizer
     assert_equal(Rails::HTML4::SafeListSanitizer, Rails::HTML::Sanitizer.safe_list_sanitizer)
+    assert_equal(Rails::HTML4::SafeListSanitizer, Rails::HTML4::Sanitizer.safe_list_sanitizer)
   end
 
-  def test_white_list_sanitizer_returns_a_safe_list_sanitizer
+  def test_html4_white_list_sanitizer
     assert_equal(Rails::HTML4::SafeListSanitizer, Rails::HTML::Sanitizer.white_list_sanitizer)
+    assert_equal(Rails::HTML4::SafeListSanitizer, Rails::HTML4::Sanitizer.white_list_sanitizer)
+  end
+
+  def test_html5_full_sanitizer
+    skip("no HTML5 support on this platform") unless Rails::HTML::Sanitizer.html5_support?
+    assert_equal(Rails::HTML5::FullSanitizer, Rails::HTML5::Sanitizer.full_sanitizer)
+  end
+
+  def test_html5_link_sanitizer
+    skip("no HTML5 support on this platform") unless Rails::HTML::Sanitizer.html5_support?
+    assert_equal(Rails::HTML5::LinkSanitizer, Rails::HTML5::Sanitizer.link_sanitizer)
+  end
+
+  def test_html5_safe_list_sanitizer
+    skip("no HTML5 support on this platform") unless Rails::HTML::Sanitizer.html5_support?
+    assert_equal(Rails::HTML5::SafeListSanitizer, Rails::HTML5::Sanitizer.safe_list_sanitizer)
+  end
+
+  def test_html5_white_list_sanitizer
+    skip("no HTML5 support on this platform") unless Rails::HTML::Sanitizer.html5_support?
+    assert_equal(Rails::HTML5::SafeListSanitizer, Rails::HTML5::Sanitizer.white_list_sanitizer)
   end
 end
