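I'm using the sanitize gem to clean up input.
Now I need to allow styles on span. What I actually want is to allow only specific styles (font-style, font-weight and text-decoration), but at the moment I can't even get the style attribute to be allowed.
I'm using the following config: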
    class Sanitize
      module Config
        ANSWER = freeze_config(
          :elements => RESTRICTED[:elements] + %w[
            iframe img a br code li ol ul p pre small strike sub sup span style
          ],
          :attributes => {
            'a' => %w[href],
            'img' => %w[src],
            'iframe' => %w[allowfullscreen frameborder height src width],
            'span' => %w[style],
            'style' => %w[font-style font-weight text-decoration],
          },
          :add_attributes => {
            'a' => {'rel' => 'nofollow', 'target' => '_blank'},
            'iframe' => {'frameborder' => '0'},
          },
          :protocols => {
            'a' => {'href' => ['http', 'https', 'mailto', :relative]},
            'img' => {'src' => ['http', 'https']},
            'iframe' => {'src' => ['http', 'https', :relative]}
          },
          :at_rules_with_styles => %w[
            font-style font-weight text-decoration
          ],
        )
      end
    end
But when I try this:

    sanitize_settings = Sanitize::Config::ANSWER
    Sanitize.fragment('<span style="color:red">rr</span>', sanitize_settings)

I get:

    => "<span>rr</span>"

Any ideas?

Best answer:
Sanitizing styles and CSS has new rules. The simplest fix:

    Sanitize::Config::ANSWER[:css] = Sanitize::Config::RELAXED[:css]