@kaspth
Last active December 18, 2015 04:58
A new API proposal for custom HTML scrubbing.
```ruby
# By switching out the html-scanner lib with Loofah, we can make use of the custom HTML scrubbers within Loofah to get more control over what gets sanitized.
# This could be useful in apps where users submit text content.
# Say Twitter in an alternate universe allows users to format their tweets using some HTML tags. They then need a way to specify what tags are black- and/or whitelisted.
# This is an example of how it could work in a model.
class Comment < ActiveRecord::Base
  # block based
  # block takes a node
  scrubs :body do |node|
    node.remove if node.name == "script"
  end

  # method based
  # method is last argument and has a node parameter
  scrubs :name, :body, :remove_style_blocks

  # list based via a kind option
  # options are based on the available scrubbers in Loofah
  scrubs :name, kind: :whitelist
end
```
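As an added example (not the gist's code, nor anything from Rails or Loofah), here is one way the proposed `scrubs` macro could be implemented so that the block, method and kind forms all dispatch to a `scrub(node)`-style callable and are applied in `scrub!`. To stay stand-alone it walks a REXML tree instead of Loofah's Nokogiri nodes; the `UNSAFE` list, the `KINDS` table with its `:strip` entry, `scrub!` and `Comment` as a Struct are all assumptions.

```ruby
require "rexml/document"

# Added example, not the gist's code: a stand-in for the proposed `scrubs`
# macro. Nodes are REXML (stdlib) elements rather than Loofah's Nokogiri ones
# so it runs without gems; real untrusted HTML still needs Loofah's HTML parser.
module Scrubs
  UNSAFE = %w[script style iframe object embed].freeze
  # Stand-in for Loofah's :strip scrubber: unwrap an unsafe tag, keep its content.
  KINDS = { strip: lambda { |node|
    next unless UNSAFE.include?(node.name)
    node.children.dup.each { |c| node.parent.insert_before(node, c) }
    node.remove
  } }.freeze
  def self.included(base); base.extend(ClassMethods); end
  module ClassMethods
    def scrubbers; @scrubbers ||= []; end
    # The proposal's three forms: block, trailing method name, or kind:.
    def scrubs(*fields, kind: nil, &block)
      scrubber =
        if block then ->(_rec, node) { block.call(node) }
        elsif kind then ->(_rec, node) { KINDS.fetch(kind).call(node) }
        else meth = fields.pop; ->(rec, node) { rec.send(meth, node) }
        end
      fields.each { |field| scrubbers << [field, scrubber] }
    end
  end
  # Bottom-up walk: children are scrubbed before their parent, so unwrapping
  # a node (as :strip does) never lifts unscrubbed children past the walker.
  def scrub_tree(node, scrubber)
    node.children.dup.each { |c| scrub_tree(c, scrubber) } if node.respond_to?(:children)
    scrubber.call(self, node) if node.is_a?(REXML::Element)
  end
  def scrub! # in ActiveRecord this would hang off before_validation (assumption)
    self.class.scrubbers.each do |field, scrubber|
      root = REXML::Document.new("<root>#{send(field)}</root>").root
      scrub_tree(root, scrubber)
      send("#{field}=", root.children.map(&:to_s).join)
    end
    self
  end
end

class Comment < Struct.new(:name, :body, keyword_init: true)
  include Scrubs
  scrubs(:body) { |node| node.remove if node.name == "script" } # block based
  scrubs :name, :body, :remove_style_blocks                      # method based
  scrubs :name, kind: :strip                                     # kind based
  def remove_style_blocks(node); node.remove if node.name == "style"; end
end
```

Scrubbers run in declaration order per field, so a later `kind:` scrubber sees whatever an earlier block or method scrubber left behind.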