@ruckus
Created January 28, 2010 19:06
# Allow for the HTML elements / attributes to be custom specified
# Used like so:
#   scrubber = WhitelistScrubber.new(:whitelist_elements => %w(span div), :whitelist_attributes => %w(style class))
#   cleaned = Loofah.fragment(input).scrub!(scrubber).to_s
# This scrubber does not have graceful degradation when the elements/attributes are NOT set
# (a missing list raises NoMethodError in #scrub).
# Only attribute names are checked; attribute values are passed through unchanged.
require 'loofah'

class WhitelistScrubber < Loofah::Scrubber
  attr_accessor :whitelist_elements, :whitelist_attributes

  def initialize(options = {}, &block)
    if options[:whitelist_elements]
      @whitelist_elements = options[:whitelist_elements]
    end
    if options[:whitelist_attributes]
      @whitelist_attributes = options[:whitelist_attributes]
    end
    super(options, &block)
  end

  def scrub(node)
    case node.type
    when Nokogiri::XML::Node::ELEMENT_NODE
      if @whitelist_elements.include?(node.name)
        # Allowed element: strip every attribute whose name is not whitelisted.
        node.attributes.each_key do |name|
          node.remove_attribute(name) unless @whitelist_attributes.include?(name)
        end
        # Keep descending so the children of an allowed element are scrubbed too.
        # (Falling through to STOP here would leave nested elements unchecked.)
        return Loofah::Scrubber::CONTINUE
      end
      # Disallowed element: drop it together with its whole subtree.
      node.remove
    when Nokogiri::XML::Node::TEXT_NODE, Nokogiri::XML::Node::CDATA_SECTION_NODE
      return Loofah::Scrubber::CONTINUE
    end
    # Removed elements and every other node type: do not descend.
    Loofah::Scrubber::STOP
  end
end
@abitdodgy

Thanks for sharing this. Given that it's 4 years old, have you made any observations/seen any issues since? Or does it work as it should?
