Module: Whistler

Defined in:
lib/whistler/white_list.rb

Class Method Details

.protocol_attributes ⇒ Object

# File 'lib/whistler/white_list.rb', line 4

def self.protocol_attributes
  @_protocol_attributes = %w(src href)
end

.protocol_separator ⇒ Object

# File 'lib/whistler/white_list.rb', line 8

def self.protocol_separator
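  # Matches a literal colon and encoded forms of it. Note that &#x70 is the
  # character reference for "p"; the hex reference for ":" is &#x3A.
  @_protocol_seperator = /:|(&#0*58)|(&#x70)|(%|&#37;)3A/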
end

.white_attributes ⇒ Object

An array of default allowed attributes

# File 'lib/whistler/white_list.rb', line 18

def self.white_attributes
  @_white_attributes ||= %w(href src width height alt cite datetime title class name)
end

.white_list(string, opts = {}) ⇒ Object

This is the workhorse of the Whistler gem. It whitelists a string of markup.

  • string - The string to white list

  • opts - A group of options to apply for this run

Valid options

  • :tags - An array of allowed tags. This list is exclusive of all others and only tags included in this list will be allowed

  • :add_tags - An array of extra allowed tags. All normal tags are allowed, plus the ones specified in this array

  • :attributes - An array of allowed attributes. This list is exclusive of all others and only attributes included will be allowed.

Example

Whistler.white_list(my_markup_string, :add_tags => %w(object param) )

Allows object and param tags in addition to the normally allowed tags.

# File 'lib/whistler/white_list.rb', line 41

def self.white_list(string, opts = {})
  return nil if string.nil?
  w_tags  = get_white_tags(opts)
  w_attrs = get_white_attributes(opts)
  
  string = string.gsub("\000", "")
  
  doc = Hpricot(string)
  doc.traverse_element do |elem|
    if elem.elem?
      if w_tags.include?(elem.name)
        (elem.attributes.keys - w_attrs).each{|a| elem.remove_attribute(a)}
        (elem.attributes.keys & Whistler.protocol_attributes).each{|a| elem.remove_attribute(a) if contains_bad_protocols?(elem[a])}
        elem.raw_attributes.each{|a,v| elem.raw_attributes[a] = clean_attribute(v)}
      else
        elem.parent.children.delete(elem) 
      end
    elsif elem.text?
      elem.parent.replace_child(elem, Hpricot::Text.new(escape_text(elem.to_s)))    
    end
  end
  doc.to_html
end

.white_protocols ⇒ Object

An array of default allowed protocols

# File 'lib/whistler/white_list.rb', line 23

def self.white_protocols
  @_white_protocols ||= %w(ed2k ftp http https irc mailto news gopher nntp telnet webcal xmpp callto feed)
end
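
The check below is an added example, not Whistler's code: the page does not show contains_bad_protocols?, so this sketches one way to test src/href values against the white_protocols list by normalizing encoded colons first instead of enumerating them in a regex. The helper names (ascii_or, normalize_url_value, disallowed_protocol?, scrub_protocol_attributes) are hypothetical and the sample values are constructed.

```ruby
# Added example: hypothetical helpers, not part of Whistler.
ALLOWED_PROTOCOLS = %w(ed2k ftp http https irc mailto news gopher nntp
                       telnet webcal xmpp callto feed).freeze  # from the page
PROTOCOL_ATTRIBUTES = %w(src href).freeze                      # from the page

# Keep only ASCII results; anything else cannot spell a scheme or a colon.
def ascii_or(code, original)
  code.between?(1, 0x7F) ? code.chr : original
end

# Turn every encoded spelling of a character into the literal character:
# numeric character references (";" optional, as HTML parsers accept),
# then percent-escapes, then drop whitespace and control characters.
def normalize_url_value(value)
  v = value.to_s.gsub(/&#(x[0-9a-f]+|[0-9]+);?/i) do
    ref = $1
    code = ref[0].downcase == "x" ? ref[1..-1].to_i(16) : ref.to_i(10)
    ascii_or(code, $&)
  end
  v = v.gsub(/%([0-9a-f]{2})/i) { ascii_or($1.hex, $&) }
  v.gsub(/[\x00-\x20]/, "")
end

# True when the value names a scheme that is not on the allowlist.
# A value with no scheme (relative URL, fragment) is left alone.
def disallowed_protocol?(value)
  scheme = normalize_url_value(value)[%r{\A([^:/?#]*):}, 1]
  return false if scheme.nil?
  !ALLOWED_PROTOCOLS.include?(scheme.downcase)
end

# Same step as the page's traversal: drop src/href with a disallowed scheme.
def scrub_protocol_attributes(attrs)
  attrs.reject do |name, val|
    PROTOCOL_ATTRIBUTES.include?(name.to_s.downcase) && disallowed_protocol?(val)
  end
end

if __FILE__ == $0
  # Constructed sample attribute values.
  ["http://example.com/", "/img/a.png", "JaVaScRiPt&#58alert(1)",
   "javascript%3Aalert(1)"].each do |v|
    puts format("%-28s disallowed=%s", v, disallowed_protocol?(v))
  end
end
```

Because the value is normalized before the scheme is read, a new encoding of the colon does not need a new regex alternative; the decision rests only on the allowlist.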

.white_tags ⇒ Object

An array of default allowed tags.

# File 'lib/whistler/white_list.rb', line 13

def self.white_tags
  @_white_tags ||= %w(strong em b i p code pre tt output samp kbd var sub sup dfn cite big small address hr br div span h1 h2 h3 h4 h5 h6 ul ol li dt dd abbr acronym a img blockquote del ins fieldset legend)
end

Instance Method Details

#white_list(string, opts = {}) ⇒ Object

# File 'lib/whistler/white_list.rb', line 65

def white_list(string, opts = {} )
  Whistler.white_list(string, opts)
end