Created
April 17, 2018 18:53
require 'loofah' | |
# Runs +html+ through Loofah's built-in :prune scrubber and returns the
# serialized result.
#
# The input is parsed with Loofah.document, i.e. as a complete HTML document
# rather than as a fragment.
# NOTE(review): the samples in this script are fragments; Loofah.fragment would
# presumably keep the document wrapper out of the output. Confirm which parser
# the application being reproduced actually uses before comparing results.
#
# @param html [String] markup to sanitize
# @return [String] the scrubbed document serialized with #to_s
def remove_unsafe_tags(html)
  parsed = Loofah.document(html)
  scrubbed = parsed.scrub!(:prune)
  scrubbed.to_s
end
# Check the effect that the number of decimal places in a CSS value has on
# Loofah sanitization.
#
# Every sample is the same harmless markup; only the CSS property and the
# precision of its length value change. When reading the output, compare the
# style attribute of each pair: a declaration that survives at one precision
# but not at another points at the sanitizer's handling of the CSS value, not
# at the markup.
#
# Each entry is [label shown in the output line, HTML handed to the sanitizer].
samples = [
  ['margin-left with 3 decimals',
   '<div style="font-size: 9pt; margin-left: 0.333in;"><span>Hello</span></div>'],
  ['margin-left with 1 decimal',
   '<div style="font-size: 9pt; margin-left: 0.3in;"><span>Hello</span></div>'],
  ['margin with 3 decimals',
   '<div style="font-size: 9pt; margin: 0.333in;"><span>Hello</span></div>'],
  ['margin with 2 decimals',
   '<div style="font-size: 9pt; margin: 0.33in;"><span>Hello</span></div>'],
  ['padding-right with 3 decimals',
   '<div style="font-size: 9pt; padding-right: 0.333in;"><span>Hello World</span></div>'],
  ['padding-right with 2 decimals',
   '<div style="font-size: 9pt; padding-right: 0.33in;"><span>Hello World</span></div>'],
  ['text-indent with 3 decimals',
   '<div style="font-size: 9pt; text-indent: 0.333in;"><span>Hello World</span></div>'],
  ['text-indent with 2 decimals',
   '<div style="font-size: 9pt; text-indent: 0.33in;"><span>Hello World</span></div>']
]

# Sanitize and print one sample at a time; a blank line separates consecutive
# results and none follows the last one.
samples.each_with_index do |(label, markup), index|
  puts unless index.zero?
  puts "Sanitized #{label}: #{remove_unsafe_tags(markup)}"
end