eactionpack 2.1.2

data/lib/action_view/helpers/javascript_helper.rb

@@ -0,0 +1,148 @@
+require 'action_view/helpers/tag_helper'
+
+module ActionView
+  module Helpers
+    # Provides functionality for working with JavaScript in your views.
+    # 
+    # == Ajax, controls and visual effects
+    # 
+    # * For information on using Ajax, see 
+    #   ActionView::Helpers::PrototypeHelper.
+    # * For information on using controls and visual effects, see
+    #   ActionView::Helpers::ScriptaculousHelper.
+    #
+    # == Including the JavaScript libraries into your pages
+    #
+    # Rails includes the Prototype JavaScript framework and the Scriptaculous
+    # JavaScript controls and visual effects library.  If you wish to use
+    # these libraries and their helpers (ActionView::Helpers::PrototypeHelper
+    # and ActionView::Helpers::ScriptaculousHelper), you must do one of the
+    # following:
+    #
+    # * Use <tt><%= javascript_include_tag 'prototype' %></tt>: As above, but 
+    #   will only include the Prototype core library, which means you are able
+    #   to use all basic AJAX functionality. For the Scriptaculous-based 
+    #   JavaScript helpers, like visual effects, autocompletion, drag and drop 
+    #   and so on, you should use the method described above.
+    #
+    # For documentation on +javascript_include_tag+ see 
+    # ActionView::Helpers::AssetTagHelper.
+    module JavaScriptHelper
+      # Returns a link that will trigger a JavaScript +function+ using the 
+      # onclick handler and return false after the fact.
+      #
+      # The +function+ argument can be omitted in favor of an +update_page+
+      # block, which evaluates to a string when the template is rendered
+      # (instead of making an Ajax request first).      
+      #
+      # Examples:
+      #   link_to_function "Greeting", "alert('Hello world!')"
+      #     Produces:
+      #       <a onclick="alert('Hello world!'); return false;" href="#">Greeting</a>
+      #
+      #   link_to_function(image_tag("delete"), "if (confirm('Really?')) do_delete()")
+      #     Produces:
+      #       <a onclick="if (confirm('Really?')) do_delete(); return false;" href="#">
+      #         <img src="/images/delete.png?" alt="Delete"/>
+      #       </a>
+      def link_to_function(name, *args, &block)
+        html_options = args.extract_options!.symbolize_keys
+        function = args[0] || ''
+
+        function = update_page(&block) if block_given?
+        content_tag(
+          "a", name, 
+          html_options.merge({ 
+            :href => html_options[:href] || "#", 
+            :onclick => (html_options[:onclick] ? "#{html_options[:onclick]}; " : "") + "#{function}; return false;" 
+          })
+        )
+      end
+      
+      # Returns a button that'll trigger a JavaScript +function+ using the 
+      # onclick handler.
+      #
+      # The +function+ argument can be omitted in favor of an +update_page+
+      # block, which evaluates to a string when the template is rendered
+      # (instead of making an Ajax request first).      
+      #
+      # Examples:
+      #   button_to_function "Greeting", "alert('Hello world!')"
+      #   button_to_function "Delete", "if (confirm('Really?')) do_delete()"
+      def button_to_function(name, *args, &block)
+        html_options = args.extract_options!.symbolize_keys
+        function = args[0] || ''
+
+        function = update_page(&block) if block_given?
+        tag(:input, html_options.merge({ 
+          :type => "button", :value => name, 
+          :onclick => (html_options[:onclick] ? "#{html_options[:onclick]}; " : "") + "#{function};" 
+        }))
+      end
+
+      # Escape carrier returns and single and double quotes for JavaScript segments.
+      def escape_javascript(javascript)
+        (javascript || '').gsub('\\','\0\0').gsub('</','<\/').gsub(/\r\n|\n|\r/, "\\n").gsub(/["']/) { |m| "\\#{m}" }
+      end
+
+      # Returns a JavaScript tag with the +content+ inside. Example:
+      #   javascript_tag "alert('All is good')"
+      #
+      # Returns:
+      #   <script type="text/javascript">
+      #   //<![CDATA[
+      #   alert('All is good')
+      #   //]]>
+      #   </script>
+      #
+      # +html_options+ may be a hash of attributes for the <script> tag. Example:
+      #   javascript_tag "alert('All is good')", :defer => 'defer' 
+      #   # => <script defer="defer" type="text/javascript">alert('All is good')</script>
+      #
+      # Instead of passing the content as an argument, you can also use a block
+      # in which case, you pass your +html_options+ as the first parameter.
+      #   <% javascript_tag :defer => 'defer' do -%>
+      #     alert('All is good')
+      #   <% end -%>
+      def javascript_tag(content_or_options_with_block = nil, html_options = {}, &block)
+        if block_given?
+          html_options = content_or_options_with_block if content_or_options_with_block.is_a?(Hash)
+          content = capture(&block)
+        else
+          content = content_or_options_with_block
+        end
+
+        javascript_tag = content_tag("script", javascript_cdata_section(content), html_options.merge(:type => Mime::JS))
+        
+        if block_given? && block_is_within_action_view?(block)
+          concat(javascript_tag, block.binding)
+        else
+          javascript_tag
+        end
+      end
+
+      def javascript_cdata_section(content) #:nodoc:
+        "\n//#{cdata_section("\n#{content}\n//")}\n"
+      end
+      
+    protected
+      def options_for_javascript(options)
+        '{' + options.map {|k, v| "#{k}:#{v}"}.sort.join(', ') + '}'
+      end
+      
+      def array_or_string_for_javascript(option)
+        js_option = if option.kind_of?(Array)
+          "['#{option.join('\',\'')}']"
+        elsif !option.nil?
+          "'#{option}'"
+        end
+        js_option
+      end
+
+    private
+      def block_is_within_action_view?(block)
+        eval("defined? _erbout", block.binding)
+      end
+    end
+  end
+end

data/lib/action_view/helpers/number_helper.rb

@@ -0,0 +1,186 @@
+module ActionView
+  module Helpers #:nodoc:
+    # Provides methods for converting numbers into formatted strings.
+    # Methods are provided for phone numbers, currency, percentage,
+    # precision, positional notation, and file size.
+    module NumberHelper
+      # Formats a +number+ into a US phone number (e.g., (555) 123-9876). You can customize the format
+      # in the +options+ hash.
+      #
+      # ==== Options
+      # * <tt>:area_code</tt>  - Adds parentheses around the area code.
+      # * <tt>:delimiter</tt>  - Specifies the delimiter to use (defaults to "-").
+      # * <tt>:extension</tt>  - Specifies an extension to add to the end of the
+      #   generated number.
+      # * <tt>:country_code</tt>  - Sets the country code for the phone number.
+      #
+      # ==== Examples
+      #  number_to_phone(1235551234)                                        # => 123-555-1234
+      #  number_to_phone(1235551234, :area_code => true)                    # => (123) 555-1234
+      #  number_to_phone(1235551234, :delimiter => " ")                     # => 123 555 1234
+      #  number_to_phone(1235551234, :area_code => true, :extension => 555) # => (123) 555-1234 x 555
+      #  number_to_phone(1235551234, :country_code => 1)                    # => +1-123-555-1234
+      #
+      #  number_to_phone(1235551234, :country_code => 1, :extension => 1343, :delimiter => ".")
+      #  => +1.123.555.1234 x 1343      
+      def number_to_phone(number, options = {})
+        number       = number.to_s.strip unless number.nil?
+        options      = options.stringify_keys
+        area_code    = options["area_code"] || nil
+        delimiter    = options["delimiter"] || "-"
+        extension    = options["extension"].to_s.strip || nil
+        country_code = options["country_code"] || nil
+
+        begin
+          str = ""
+          str << "+#{country_code}#{delimiter}" unless country_code.blank?
+          str << if area_code
+            number.gsub!(/([0-9]{1,3})([0-9]{3})([0-9]{4}$)/,"(\\1) \\2#{delimiter}\\3")
+          else
+            number.gsub!(/([0-9]{1,3})([0-9]{3})([0-9]{4})$/,"\\1#{delimiter}\\2#{delimiter}\\3")
+          end
+          str << " x #{extension}" unless extension.blank?
+          str
+        rescue
+          number
+        end
+      end
+
+      # Formats a +number+ into a currency string (e.g., $13.65). You can customize the format
+      # in the +options+ hash.
+      #
+      # ==== Options
+      # * <tt>:precision</tt>  -  Sets the level of precision (defaults to 2).
+      # * <tt>:unit</tt>  - Sets the denomination of the currency (defaults to "$").
+      # * <tt>:separator</tt>  - Sets the separator between the units (defaults to ".").
+      # * <tt>:delimiter</tt>  - Sets the thousands delimiter (defaults to ",").
+      # * <tt>:format</tt>  - Sets the format of the output string (defaults to "%u%n"). The field types are:
+      #
+      #     %u  The currency unit
+      #     %n  The number
+      #
+      # ==== Examples
+      #  number_to_currency(1234567890.50)                    # => $1,234,567,890.50
+      #  number_to_currency(1234567890.506)                   # => $1,234,567,890.51
+      #  number_to_currency(1234567890.506, :precision => 3)  # => $1,234,567,890.506
+      #
+      #  number_to_currency(1234567890.50, :unit => "&pound;", :separator => ",", :delimiter => "")
+      #  # => &pound;1234567890,50
+      #  number_to_currency(1234567890.50, :unit => "&pound;", :separator => ",", :delimiter => "", :format => "%n %u")
+      #  # => 1234567890,50 &pound;
+      def number_to_currency(number, options = {})
+        options   = options.stringify_keys
+        precision = options["precision"] || 2
+        unit      = options["unit"] || "$"
+        separator = precision > 0 ? options["separator"] || "." : ""
+        delimiter = options["delimiter"] || ","
+        format    = options["format"] || "%u%n"
+
+        begin
+          parts = number_with_precision(number, precision).split('.')
+          format.gsub(/%n/, number_with_delimiter(parts[0], delimiter) + separator + parts[1].to_s).gsub(/%u/, unit)
+        rescue
+          number
+        end
+      end
+
+      # Formats a +number+ as a percentage string (e.g., 65%). You can customize the
+      # format in the +options+ hash.
+      #
+      # ==== Options
+      # * <tt>:precision</tt>  - Sets the level of precision (defaults to 3).
+      # * <tt>:separator</tt>  - Sets the separator between the units (defaults to ".").
+      #
+      # ==== Examples
+      #  number_to_percentage(100)                         # => 100.000%
+      #  number_to_percentage(100, :precision => 0)        # => 100%
+      #
+      #  number_to_percentage(302.24398923423, :precision => 5)
+      #  # => 302.24399%
+      def number_to_percentage(number, options = {})
+        options   = options.stringify_keys
+        precision = options["precision"] || 3
+        separator = options["separator"] || "."
+
+        begin
+          number = number_with_precision(number, precision)
+          parts = number.split('.')
+          if parts.at(1).nil?
+            parts[0] + "%"
+          else
+            parts[0] + separator + parts[1].to_s + "%"
+          end
+        rescue
+          number
+        end
+      end
+
+      # Formats a +number+ with grouped thousands using +delimiter+ (e.g., 12,324). You
+      # can customize the format using optional <em>delimiter</em> and <em>separator</em> parameters.
+      #
+      # ==== Options
+      # * <tt>delimiter</tt>  - Sets the thousands delimiter (defaults to ",").
+      # * <tt>separator</tt>  - Sets the separator between the units (defaults to ".").
+      #
+      # ==== Examples
+      #  number_with_delimiter(12345678)       # => 12,345,678
+      #  number_with_delimiter(12345678.05)    # => 12,345,678.05
+      #  number_with_delimiter(12345678, ".")  # => 12.345.678
+      #
+      #  number_with_delimiter(98765432.98, " ", ",")
+      #  # => 98 765 432,98
+      def number_with_delimiter(number, delimiter=",", separator=".")
+        begin
+          parts = number.to_s.split('.')
+          parts[0].gsub!(/(\d)(?=(\d\d\d)+(?!\d))/, "\\1#{delimiter}")
+          parts.join separator
+        rescue
+          number
+        end
+      end
+
+      # Formats a +number+ with the specified level of +precision+ (e.g., 112.32 has a precision of 2). The default
+      # level of precision is 3.
+      #
+      # ==== Examples
+      #  number_with_precision(111.2345)     # => 111.235
+      #  number_with_precision(111.2345, 2)  # => 111.23
+      #  number_with_precision(13, 5)        # => 13.00000
+      #  number_with_precision(389.32314, 0) # => 389
+      def number_with_precision(number, precision=3)
+        "%01.#{precision}f" % ((Float(number) * (10 ** precision)).round.to_f / 10 ** precision)
+      rescue
+        number
+      end
+
+      # Formats the bytes in +size+ into a more understandable representation
+      # (e.g., giving it 1500 yields 1.5 KB). This method is useful for 
+      # reporting file sizes to users. This method returns nil if
+      # +size+ cannot be converted into a number. You can change the default
+      # precision of 1 using the precision parameter +precision+.
+      #
+      # ==== Examples
+      #  number_to_human_size(123)           # => 123 Bytes
+      #  number_to_human_size(1234)          # => 1.2 KB
+      #  number_to_human_size(12345)         # => 12.1 KB
+      #  number_to_human_size(1234567)       # => 1.2 MB
+      #  number_to_human_size(1234567890)    # => 1.1 GB
+      #  number_to_human_size(1234567890123) # => 1.1 TB
+      #  number_to_human_size(1234567, 2)    # => 1.18 MB
+      #  number_to_human_size(483989, 0)     # => 4 MB
+      def number_to_human_size(size, precision=1)
+        size = Kernel.Float(size)
+        case
+          when size.to_i == 1;    "1 Byte"
+          when size < 1.kilobyte; "%d Bytes" % size
+          when size < 1.megabyte; "%.#{precision}f KB"  % (size / 1.0.kilobyte)
+          when size < 1.gigabyte; "%.#{precision}f MB"  % (size / 1.0.megabyte)
+          when size < 1.terabyte; "%.#{precision}f GB"  % (size / 1.0.gigabyte)
+          else                    "%.#{precision}f TB"  % (size / 1.0.terabyte)
+        end.sub(/([0-9]\.\d*?)0+ /, '\1 ' ).sub(/\. /,' ')
+      rescue
+        nil
+      end
+    end
+  end
+end

data/lib/action_view/helpers/record_identification_helper.rb

@@ -0,0 +1,20 @@
+module ActionView
+  module Helpers
+    module RecordIdentificationHelper
+      # See ActionController::RecordIdentifier.partial_path -- this is just a delegate to that for convenient access in the view.
+      def partial_path(*args, &block)
+        ActionController::RecordIdentifier.partial_path(*args, &block)
+      end
+
+      # See ActionController::RecordIdentifier.dom_class -- this is just a delegate to that for convenient access in the view.
+      def dom_class(*args, &block)
+        ActionController::RecordIdentifier.dom_class(*args, &block)
+      end
+
+      # See ActionController::RecordIdentifier.dom_id -- this is just a delegate to that for convenient access in the view.
+      def dom_id(*args, &block)
+        ActionController::RecordIdentifier.dom_id(*args, &block)
+      end
+    end
+  end
+end

data/lib/action_view/helpers/record_tag_helper.rb

@@ -0,0 +1,59 @@
+module ActionView
+  module Helpers
+    module RecordTagHelper
+      # Produces a wrapper DIV element with id and class parameters that
+      # relate to the specified Active Record object. Usage example:
+      #
+      #    <% div_for(@person, :class => "foo") do %>
+      #       <%=h @person.name %>
+      #    <% end %>
+      #
+      # produces:
+      #
+      #    <div id="person_123" class="person foo"> Joe Bloggs </div>
+      #
+      def div_for(record, *args, &block)
+        content_tag_for(:div, record, *args, &block)
+      end
+  
+      # content_tag_for creates an HTML element with id and class parameters
+      # that relate to the specified Active Record object. For example:
+      #
+      #    <% content_tag_for(:tr, @person) do %>
+      #      <td><%=h @person.first_name %></td>
+      #      <td><%=h @person.last_name %></td>
+      #    <% end %>
+      #
+      # would produce the following HTML (assuming @person is an instance of
+      # a Person object, with an id value of 123):
+      #
+      #    <tr id="person_123" class="person">....</tr>
+      #
+      # If you require the HTML id attribute to have a prefix, you can specify it:
+      #
+      #    <% content_tag_for(:tr, @person, :foo) do %> ...
+      #
+      # produces:
+      #    
+      #    <tr id="foo_person_123" class="person">...
+      #
+      # content_tag_for also accepts a hash of options, which will be converted to
+      # additional HTML attributes. If you specify a <tt>:class</tt> value, it will be combined
+      # with the default class name for your object. For example:
+      #
+      #    <% content_tag_for(:li, @person, :class => "bar") %>...
+      #
+      # produces:
+      #
+      #    <li id="person_123" class="person bar">...
+      #
+      def content_tag_for(tag_name, record, *args, &block)
+        prefix  = args.first.is_a?(Hash) ? nil : args.shift
+        options = args.first.is_a?(Hash) ? args.shift : {}
+        concat content_tag(tag_name, capture(&block), 
+          options.merge({ :class => "#{dom_class(record)} #{options[:class]}".strip, :id => dom_id(record, prefix) })), 
+          block.binding
+      end
+    end
+  end
+end

data/lib/action_view/helpers/sanitize_helper.rb

@@ -0,0 +1,229 @@
+require 'action_view/helpers/tag_helper'
+require 'html/document'
+
+module ActionView
+  module Helpers #:nodoc:
+    # The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements.
+    # These helper methods extend ActionView making them callable within your template files.
+    module SanitizeHelper
+      def self.included(base)
+        base.extend(ClassMethods)
+      end
+      
+      # This +sanitize+ helper will html encode all tags and strip all attributes that aren't specifically allowed.
+      # It also strips href/src tags with invalid protocols, like javascript: especially.  It does its best to counter any
+      # tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters.  Check out
+      # the extensive test suite.
+      #
+      #   <%= sanitize @article.body %>
+      # 
+      # You can add or remove tags/attributes if you want to customize it a bit.  See ActionView::Base for full docs on the
+      # available options.  You can add tags/attributes for single uses of +sanitize+ by passing either the <tt>:attributes</tt> or <tt>:tags</tt> options:
+      #
+      # Normal Use
+      #
+      #   <%= sanitize @article.body %>
+      #
+      # Custom Use (only the mentioned tags and attributes are allowed, nothing else)
+      #
+      #   <%= sanitize @article.body, :tags => %w(table tr td), :attributes => %w(id class style)
+      # 
+      # Add table tags to the default allowed tags
+      #   
+      #   Rails::Initializer.run do |config|
+      #     config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td'
+      #   end
+      # 
+      # Remove tags to the default allowed tags
+      #   
+      #   Rails::Initializer.run do |config|
+      #     config.after_initialize do
+      #       ActionView::Base.sanitized_allowed_tags.delete 'div'
+      #     end
+      #   end
+      # 
+      # Change allowed default attributes
+      # 
+      #   Rails::Initializer.run do |config|
+      #     config.action_view.sanitized_allowed_attributes = 'id', 'class', 'style'
+      #   end
+      # 
+      # Please note that sanitizing user-provided text does not guarantee that the
+      # resulting markup is valid (conforming to a document type) or even well-formed.
+      # The output may still contain e.g. unescaped '<', '>', '&' characters and
+      # confuse browsers.
+      #
+      def sanitize(html, options = {})
+        self.class.white_list_sanitizer.sanitize(html, options)
+      end
+
+      # Sanitizes a block of CSS code. Used by +sanitize+ when it comes across a style attribute.
+      def sanitize_css(style)
+        self.class.white_list_sanitizer.sanitize_css(style)
+      end
+
+      # Strips all HTML tags from the +html+, including comments.  This uses the 
+      # html-scanner tokenizer and so its HTML parsing ability is limited by 
+      # that of html-scanner.
+      #
+      # ==== Examples
+      #
+      #   strip_tags("Strip <i>these</i> tags!")
+      #   # => Strip these tags!
+      #
+      #   strip_tags("<b>Bold</b> no more!  <a href='more.html'>See more here</a>...")
+      #   # => Bold no more!  See more here...
+      # 
+      #   strip_tags("<div id='top-bar'>Welcome to my website!</div>")
+      #   # => Welcome to my website!
+      def strip_tags(html)     
+        self.class.full_sanitizer.sanitize(html)
+      end
+
+      # Strips all link tags from +text+ leaving just the link text.
+      #
+      # ==== Examples
+      #   strip_links('<a href="http://www.rubyonrails.org">Ruby on Rails</a>')
+      #   # => Ruby on Rails
+      #
+      #   strip_links('Please e-mail me at <a href="mailto:me@email.com">me@email.com</a>.')
+      #   # => Please e-mail me at me@email.com.
+      #
+      #   strip_links('Blog: <a href="http://www.myblog.com/" class="nav" target=\"_blank\">Visit</a>.')
+      #   # => Blog: Visit
+      def strip_links(html)
+        self.class.link_sanitizer.sanitize(html)
+      end
+
+      module ClassMethods #:nodoc:
+        def self.extended(base)
+          class << base
+            attr_writer :full_sanitizer, :link_sanitizer, :white_list_sanitizer
+
+            # we want these to be class methods on ActionView::Base, they'll get mattr_readers for these below.
+            helper_def = [:sanitized_protocol_separator, :sanitized_uri_attributes, :sanitized_bad_tags, :sanitized_allowed_tags,
+                :sanitized_allowed_attributes, :sanitized_allowed_css_properties, :sanitized_allowed_css_keywords,
+                :sanitized_shorthand_css_properties, :sanitized_allowed_protocols, :sanitized_protocol_separator=].collect! do |prop|
+              prop = prop.to_s
+              "def #{prop}(#{:value if prop =~ /=$/}) white_list_sanitizer.#{prop.sub /sanitized_/, ''} #{:value if prop =~ /=$/} end"
+            end.join("\n")
+            eval helper_def
+          end
+        end
+        
+        # Gets the HTML::FullSanitizer instance used by +strip_tags+.  Replace with
+        # any object that responds to +sanitize+.
+        #
+        #   Rails::Initializer.run do |config|
+        #     config.action_view.full_sanitizer = MySpecialSanitizer.new
+        #   end
+        #
+        def full_sanitizer
+          @full_sanitizer ||= HTML::FullSanitizer.new
+        end
+
+        # Gets the HTML::LinkSanitizer instance used by +strip_links+.  Replace with
+        # any object that responds to +sanitize+.
+        #
+        #   Rails::Initializer.run do |config|
+        #     config.action_view.link_sanitizer = MySpecialSanitizer.new
+        #   end
+        #
+        def link_sanitizer
+          @link_sanitizer ||= HTML::LinkSanitizer.new
+        end
+
+        # Gets the HTML::WhiteListSanitizer instance used by sanitize and +sanitize_css+.
+        # Replace with any object that responds to +sanitize+.
+        #
+        #   Rails::Initializer.run do |config|
+        #     config.action_view.white_list_sanitizer = MySpecialSanitizer.new
+        #   end
+        #
+        def white_list_sanitizer
+          @white_list_sanitizer ||= HTML::WhiteListSanitizer.new
+        end
+
+        # Adds valid HTML attributes that the +sanitize+ helper checks for URIs.
+        #
+        #   Rails::Initializer.run do |config|
+        #     config.action_view.sanitized_uri_attributes = 'lowsrc', 'target'
+        #   end
+        #
+        def sanitized_uri_attributes=(attributes)
+          HTML::WhiteListSanitizer.uri_attributes.merge(attributes)
+        end
+
+        # Adds to the Set of 'bad' tags for the +sanitize+ helper.
+        #
+        #   Rails::Initializer.run do |config|
+        #     config.action_view.sanitized_bad_tags = 'embed', 'object'
+        #   end
+        #
+        def sanitized_bad_tags=(attributes)
+          HTML::WhiteListSanitizer.bad_tags.merge(attributes)
+        end
+
+        # Adds to the Set of allowed tags for the +sanitize+ helper.
+        #
+        #   Rails::Initializer.run do |config|
+        #     config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td'
+        #   end
+        #
+        def sanitized_allowed_tags=(attributes)
+          HTML::WhiteListSanitizer.allowed_tags.merge(attributes)
+        end
+
+        # Adds to the Set of allowed HTML attributes for the +sanitize+ helper.
+        #
+        #   Rails::Initializer.run do |config|
+        #     config.action_view.sanitized_allowed_attributes = 'onclick', 'longdesc'
+        #   end
+        #
+        def sanitized_allowed_attributes=(attributes)
+          HTML::WhiteListSanitizer.allowed_attributes.merge(attributes)
+        end
+
+        # Adds to the Set of allowed CSS properties for the #sanitize and +sanitize_css+ heleprs.
+        #
+        #   Rails::Initializer.run do |config|
+        #     config.action_view.sanitized_allowed_css_properties = 'expression'
+        #   end
+        #
+        def sanitized_allowed_css_properties=(attributes)
+          HTML::WhiteListSanitizer.allowed_css_properties.merge(attributes)
+        end
+
+        # Adds to the Set of allowed CSS keywords for the +sanitize+ and +sanitize_css+ helpers.
+        #
+        #   Rails::Initializer.run do |config|
+        #     config.action_view.sanitized_allowed_css_keywords = 'expression'
+        #   end
+        #
+        def sanitized_allowed_css_keywords=(attributes)
+          HTML::WhiteListSanitizer.allowed_css_keywords.merge(attributes)
+        end
+
+        # Adds to the Set of allowed shorthand CSS properties for the +sanitize+ and +sanitize_css+ helpers.
+        #
+        #   Rails::Initializer.run do |config|
+        #     config.action_view.sanitized_shorthand_css_properties = 'expression'
+        #   end
+        #
+        def sanitized_shorthand_css_properties=(attributes)
+          HTML::WhiteListSanitizer.shorthand_css_properties.merge(attributes)
+        end
+
+        # Adds to the Set of allowed protocols for the +sanitize+ helper.
+        #
+        #   Rails::Initializer.run do |config|
+        #     config.action_view.sanitized_allowed_protocols = 'ssh', 'feed'
+        #   end
+        #
+        def sanitized_allowed_protocols=(attributes)
+          HTML::WhiteListSanitizer.allowed_protocols.merge(attributes)
+        end
+      end
+    end
+  end
+end