Module: Loofah::ScrubBehavior

Defined in:
lib/loofah/concerns.rb

Overview

Mixes scrub! into Document, DocumentFragment, Node and NodeSet.

Traverse the document or fragment, invoking the +scrubber+ on each node.

+scrubber+ must either be one of the symbols representing the built-in scrubbers (see
Scrubbers), or a Scrubber instance.

  span2div = Loofah::Scrubber.new do |node|
    node.name = "div" if node.name == "span"
  end
  Loofah.html5_fragment("<span>foo</span><p>bar</p>").scrub!(span2div).to_s
  # => "<div>foo</div><p>bar</p>"

or

  unsafe_html = "ohai! <div>div is safe</div> <script>but script is not</script>"
  Loofah.html5_fragment(unsafe_html).scrub!(:strip).to_s
  # => "ohai! <div>div is safe</div> "

Note that this method is called implicitly from the shortcuts Loofah.scrub_html5_fragment et
al.

Please see Scrubber for more information on implementation and traversal, and README.rdoc for
more example usage.

Defined Under Namespace

Modules: Node, NodeSet

Class Method Summary collapse

Class Method Details

.resolve_scrubber(scrubber) ⇒ Object

:nodoc:



59
60
61
62
63
64
65
66
 
# File 'lib/loofah/concerns.rb', line 59

def resolve_scrubber(scrubber) # :nodoc:
  scrubber = Scrubbers::MAP[scrubber].new if Scrubbers::MAP[scrubber]
  unless scrubber.is_a?(Loofah::Scrubber)
    raise Loofah::ScrubberNotFound, "not a Scrubber or a scrubber name: #{scrubber.inspect}"
  end

  scrubber
end