fix sanitize allowed tags and attributes + active storage direct url in...

fix sanitize allowed tags and attributes + active storage direct url in kamifusen tag inside post & page text

app/views/active_storage/blobs/_blob.html.erb

 <figure class="attachment attachment--<%= blob.variable? ? "preview" : "file" %> attachment--<%= blob.filename.extension %>">
   <% if blob.image? %>
-    <%= kamifusen_tag blob, width: 800 %>
+    <%= kamifusen_tag blob, width: 800, active_storage_direct_url: true %>
   <% elsif blob.video? %>
     <video>
       <source src="<%= rails_blob_path(blob) %>" type="<%= blob.content_type %>">

config/application.rb

@@ -48,8 +48,16 @@ module Osuny
         authentication: :plain
     }
 
-    config.action_view.sanitized_allowed_tags = ['strong', 'em', 'b', 'i', 'u', 'p', 'code', 'pre', 'tt', 'samp', 'kbd', 'var', 'sub', 'sup', 'dfn', 'cite', 'big', 'small', 'address', 'hr', 'br', 'div', 'span', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'ul', 'ol', 'li', 'dl', 'dt', 'dd', 'abbr', 'acronym', 'a', 'img', 'blockquote', 'del', 'ins', 'picture']
-    config.action_view.sanitized_allowed_attributes = ['href', 'src', 'srcset', 'width', 'height', 'alt', 'cite', 'datetime', 'title', 'class', 'name', 'xml:lang', 'abbr', 'style', 'target', 'sizes', 'loading', 'decoding', 'type']
+    config.action_view.sanitized_allowed_tags = [
+      "a", "abbr", "acronym", "address", "b", "big", "blockquote", "br",
+      "cite", "code", "dd", "del", "dfn", "div", "dl", "dt", "em",
+      "h1", "h2", "h3", "h4", "h5", "h6", "hr", "i", "img", "ins", "kbd", "li", "ol",
+      "p", "picture", "pre", "samp", "small", "source", "span", "strong", "sub", "sup", "tt", "u", "ul", "var"
+    ]
+    config.action_view.sanitized_allowed_attributes = [
+      "abbr", "alt", "cite", "class", "datetime", "decoding", "height", "href", "loading",
+      "name", "sizes", "src", "srcset", "style", "target", "title", "type", "width", "xml:lang"
+    ]
 
     config.allowed_special_chars = '#?!,@$%^&*+£µ-'