ActionText: Safelisting attributes and tags

To safelist tags and attributes in ActionText, we need to inspect the source, since I was unable to find anywhere in the documentation how to do so.

Rails has a separate gem for sanitizing which can be found here:

The gem is utilized within ActionText by the content helper here:

What we can do with these mattr_accessors is override them by creating an initializer.

We can create a file called config/initializers/action_text.rb and fill it with some custom contents for allowable things. Let’s say for example we wanted to add table editing. We’d need to add <table>, <tr>, <td>, <th>, <thead>, and <tbody>.

We may also want to allow some additional attributes, which we can do in the same file: for example, target for links.

# config/initializers/action_text.rb

# Add table tags
ActionText::ContentHelper.allowed_tags += ["table", "tr", "td", "th", "thead", "tbody"]

# Add link attributes
ActionText::ContentHelper.allowed_attributes += ["rel", "target"]

You can also see an example from @excid3's latest ActionText episode:

If you’re feeling real wild, you could even replace the sanitizer and scrubber with your own custom sanitizer / scrubber!