Module: Whistler
Defined in: lib/whistler/white_list.rb
Class Method Summary
- .protocol_attributes ⇒ Object
- .protocol_separator ⇒ Object
- .white_attributes ⇒ Object
  An array of default allowed attributes.
- .white_list(string, opts = {}) ⇒ Object
  This is the workhorse of the Whistler gem.
- .white_protocols ⇒ Object
  An array of default allowed protocols.
- .white_tags ⇒ Object
  An array of default allowed tags.
Instance Method Summary
Class Method Details
.protocol_attributes ⇒ Object
# File 'lib/whistler/white_list.rb', line 4
def self.protocol_attributes
  @_protocol_attributes = %w(src href)
end
.protocol_separator ⇒ Object
# File 'lib/whistler/white_list.rb', line 8
def self.protocol_separator
  @_protocol_seperator = /:|(&#0*58)|(&#x70)|(%|&#37;)3A/
end
.white_attributes ⇒ Object
An array of default allowed attributes
# File 'lib/whistler/white_list.rb', line 18
def self.white_attributes
  @_white_attributes ||= %w(href src width height alt cite datetime title class name)
end
.white_list(string, opts = {}) ⇒ Object
This is the workhorse of the Whistler gem. It whitelists a string of markup.
string - The string to white list
opts - A group of options to apply for this run
Valid options
- :tags - An array of allowed tags. This list is exclusive of all others, and only tags included in this list will be allowed.
- :add_tags - An array of extra allowed tags. All normal tags are allowed, plus the ones specified in this array.
- :attributes - An array of allowed attributes. This list is exclusive of all others, and only attributes included will be allowed.
Example
Whistler.white_list(my_markup_string, :add_tags => %w(object param) )
Allows object and param tags in addition to normal allowed tags.
# File 'lib/whistler/white_list.rb', line 41
def self.white_list(string, opts = {})
  return nil if string.nil?
  # The names on this line were lost in extraction; assumed by analogy with get_white_attributes
  white_tags = get_white_tags(opts)
  w_attrs = get_white_attributes(opts)
  string = string.gsub("\000", "") # strip NUL bytes before parsing
  doc = Hpricot(string)
  doc.traverse_element do |elem|
    if elem.elem?
      if white_tags.include?(elem.name)
        # drop attributes that are not on the allow list
        (elem.attributes.keys - w_attrs).each{|a| elem.remove_attribute(a)}
        # drop src/href values whose protocol is not allowed
        (elem.attributes.keys & Whistler.protocol_attributes).each{|a| elem.remove_attribute(a) if contains_bad_protocols?(elem[a])}
        elem.raw_attributes.each{|a,v| elem.raw_attributes[a] = clean_attribute(v)}
      else
        # element is not on the tag allow list: remove it
        elem.parent.children.delete(elem)
      end
    elsif elem.text?
      elem.parent.replace_child(elem, Hpricot::Text.new(escape_text(elem.to_s)))
    end
  end
  doc.to_html
end
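The `contains_bad_protocols?` helper that `white_list` calls on `src` and `href` values is not shown on this page. As an added example (not the gem's own code), here is one way the page's `protocol_separator` and `white_protocols` values can be combined into that check; `bad_protocol?`, `filter_attributes`, the constant names and the scheme normalisation are hypothetical, and the sample values are constructed.

```ruby
# Added example, not Whistler's source. The three values below are copied from
# this page; the method and constant names are hypothetical.
PROTOCOL_ATTRIBUTES = %w(src href)
PROTOCOL_SEPARATOR  = /:|(&#0*58)|(&#x70)|(%|&#37;)3A/
WHITE_PROTOCOLS     = %w(ed2k ftp http https irc mailto news gopher nntp
                         telnet webcal xmpp callto feed)

# Assumed stand-in for the contains_bad_protocols? helper called on this page.
def bad_protocol?(value)
  return false if value.nil?
  # No separator in any encoding: a relative URL or fragment, nothing to vet.
  return false unless value =~ PROTOCOL_SEPARATOR
  # Everything before the first separator is treated as the scheme.
  scheme = value.split(PROTOCOL_SEPARATOR).first.to_s.strip.downcase
  # Allow-list comparison: anything not explicitly listed is rejected.
  !WHITE_PROTOCOLS.include?(scheme)
end

# Drop src/href entries that fail the check; other attributes are untouched.
def filter_attributes(attrs)
  attrs.reject { |name, value| PROTOCOL_ATTRIBUTES.include?(name) && bad_protocol?(value) }
end

# Constructed sample values, not taken from the gem's tests.
SAMPLES = [
  "http://example.com/",        # listed scheme
  " HTTPS://example.com/",      # listed scheme after strip + downcase
  "/images/logo.png",           # relative, no separator
  "javascript:alert(1)",        # unlisted scheme, plain colon
  "javascript&#58;alert(1)",    # colon as a decimal entity
  "javascript&#0058;alert(1)",  # zero-padded decimal entity
  "javascript%3Aalert(1)",      # percent-encoded colon
  "/page?t=12:30"               # colon inside a relative path
]

if __FILE__ == $0
  SAMPLES.each { |v| puts format("%-28s %s", v.inspect, bad_protocol?(v) ? "removed" : "kept") }
end
```

A relative path that contains a colon, such as the last sample, is rejected as well, because this simple split fails closed instead of trying to tell a path from a scheme.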
.white_protocols ⇒ Object
An array of default allowed protocols
# File 'lib/whistler/white_list.rb', line 23
def self.white_protocols
  @_white_protocols ||= %w(ed2k ftp http https irc mailto news gopher nntp telnet webcal xmpp callto feed)
end
.white_tags ⇒ Object
An array of default allowed tags.
# File 'lib/whistler/white_list.rb', line 13
def self.white_tags
  @_white_tags ||= %w(strong em b i p code pre tt output samp kbd var sub sup dfn cite big small address hr br div span h1 h2 h3 h4 h5 h6 ul ol li dt dd abbr acronym a img blockquote del ins fieldset legend)
end
Instance Method Details
#white_list(string, opts = {}) ⇒ Object
# File 'lib/whistler/white_list.rb', line 65
def white_list(string, opts = {} )
  Whistler.white_list(string, opts)
end