Module: Inquisition

Included in:: Object

Defined in:: lib/inquisition.rb

Overview

Introduction

Inquisition will escape html included in specified attributes to eliminate xss-style attacks.

Defined Under Namespace

Modules: ClassMethods

Class Method Summary collapse

.included(klass) ⇒ Object
.sanitize(value, allow) ⇒ Object

Class Method Details

.included(klass) ⇒ `Object`



9
10
11

# File 'lib/inquisition.rb', line 9

def self.included(klass)
  klass.extend(ClassMethods)
end

.sanitize(value, allow) ⇒ `Object`

# File 'lib/inquisition.rb', line 13

def self.sanitize(value, allow)
  if allow && match = Regexp.new(allow).match(value)
    [HTML5libSanitize.sanitize_html(match.pre_match), match.to_a.first, self.sanitize(match.post_match, allow)].join
  else
    HTML5libSanitize.sanitize_html(value)
  end
end

Module: Inquisition

Overview

Introduction

Defined Under Namespace

Class Method Summary collapse

Class Method Details

.included(klass) ⇒ Object

.sanitize(value, allow) ⇒ Object

.included(klass) ⇒ `Object`

.sanitize(value, allow) ⇒ `Object`