Inquisition

Introduction

Inquisition will sanitize HTML as to help avoid cross site scripting attacks! It keeps your strings heresy-free.

How

Inquisition offers you three methods on Object:

cleanse_attr *attributes, options
cleanse_attr_reader *attributes, options
cleanse_attr_writer *attributes, options

These methods will wrap your getters and/or setters for an attribute through a HTML5 Sanitizer. This should help to protect against most kinds of cross site scripting attacks.

For example:

cleanse_attr :name, :allow => {:name => /(<strong>)/}

The above example will clean all values written to or read from the name attribute, but will not remove strong tags.

Installation

sudo gem install thumblemonks-inquisition

lib/html5lib_sanitize.rb Copyright © Jacques Distler

Everything else is Copyright © 2009 Alexander Rakoczy. See LICENSE for details.