Module: Loofah::Helpers

Defined in:

lib/loofah/helpers.rb

Defined Under Namespace

Modules: ActionView

Class Method Summary

• .remove_extraneous_whitespace(string) ⇒ Object

  A helper to remove extraneous whitespace from text-ified HTML TODO: remove this in a future major-point-release.

• .sanitize(string_or_io) ⇒ Object

  A replacement for Rails’s built-in sanitize helper.

• .sanitize_css(style_string) ⇒ Object

  A replacement for Rails’s built-in sanitize_css helper.

• .strip_tags(string_or_io) ⇒ Object

  A replacement for Rails’s built-in strip_tags helper.

Class Method Details

.remove_extraneous_whitespace(string) ⇒ Object

A helper to remove extraneous whitespace from text-ified HTML

TODO: remove this in a future major-point-release.

# File 'lib/loofah/helpers.rb', line 39

def remove_extraneous_whitespace(string)
  Loofah.remove_extraneous_whitespace string
end

.sanitize(string_or_io) ⇒ Object

A replacement for Rails’s built-in sanitize helper.

Loofah::Helpers.sanitize("<script src=http://ha.ckers.org/xss.js></script>") # => "&lt;script src=\"http://ha.ckers.org/xss.js\"&gt;&lt;/script&gt;"

# File 'lib/loofah/helpers.rb', line 19

def sanitize(string_or_io)
  loofah_fragment = Loofah.fragment(string_or_io)
  loofah_fragment.scrub!(:strip)
  loofah_fragment.xpath("./form").each { |form| form.remove }
  loofah_fragment.to_s
end

.sanitize_css(style_string) ⇒ Object

A replacement for Rails’s built-in sanitize_css helper.

Loofah::Helpers.sanitize_css("display:block;background-image:url(http://www.ragingplatypus.com/i/cam-full.jpg)") # => "display: block;"

# File 'lib/loofah/helpers.rb', line 31

def sanitize_css style_string
  ::Loofah::HTML5::Scrub.scrub_css style_string
end

.strip_tags(string_or_io) ⇒ Object

A replacement for Rails’s built-in strip_tags helper.

Loofah::Helpers.strip_tags("<div>Hello <b>there</b></div>") # => "Hello there"

# File 'lib/loofah/helpers.rb', line 10

def strip_tags(string_or_io)
  Loofah.fragment(string_or_io).text
end