Created
January 28, 2010 19:06
-
-
Save ruckus/289027 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Allow for the HTML elements / attributes to be custom specified | |
| # Used like so: | |
| # scrubber = WhitelistScrubber.new(:whitelist_elements => %w(span div) , :whitelist_attributes => %w(style class) ) | |
| # cleaned = Loofah.fragment(input).scrub!(scrubber).to_s | |
| # This scrubber does not have graceful degradation when the elements/attributes are NOT set. | |
| class WhitelistScrubber < Loofah::Scrubber | |
| attr_accessor :whitelist_elements, :whitelist_attributes | |
| def initialize(options = {}, &block) | |
| if options[:whitelist_elements] | |
| @whitelist_elements = options[:whitelist_elements] | |
| end | |
| if options[:whitelist_attributes] | |
| @whitelist_attributes = options[:whitelist_attributes] | |
| end | |
| super(options, &block) | |
| end | |
| def scrub(node) | |
| case node.type | |
| when Nokogiri::XML::Node::ELEMENT_NODE | |
| node.remove unless @whitelist_elements.include?(node.name) | |
| node.attributes.each do |attr| | |
| unless @whitelist_attributes.include?(attr.first) | |
| node.remove_attribute(attr.first) | |
| end | |
| end | |
| when Nokogiri::XML::Node::TEXT_NODE, Nokogiri::XML::Node::CDATA_SECTION_NODE | |
| return Loofah::Scrubber::CONTINUE | |
| end | |
| Loofah::Scrubber::STOP | |
| end | |
| end |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thanks for sharing this. Given that it's 4 years old, have you made any observations/seen any issues since? Or does it work as it it should?