Class: Loofah::Scrubbers::Escape

Inherits:
Loofah::Scrubber show all
Defined in:
lib/loofah/scrubbers.rb

Overview

scrub!(:escape)

+:escape+ performs HTML entity escaping on the unknown/unsafe tags:

   unsafe_html = "ohai! <div>div is safe</div> <foo>but foo is <b>not</b></foo>"
   Loofah.html5_fragment(unsafe_html).scrub!(:escape)
   => "ohai! <div>div is safe</div> &lt;foo&gt;but foo is &lt;b&gt;not&lt;/b&gt;&lt;/foo&gt;"

Constant Summary

Constants inherited from Loofah::Scrubber

Loofah::Scrubber::CONTINUE, Loofah::Scrubber::STOP

Instance Attribute Summary

Attributes inherited from Loofah::Scrubber

#block, #direction

Instance Method Summary collapse

Methods inherited from Loofah::Scrubber

#append_attribute, #traverse

Constructor Details

#initializeEscape

rubocop:disable Lint/MissingSuper



143
144
145
# File 'lib/loofah/scrubbers.rb', line 143

def initialize # rubocop:disable Lint/MissingSuper
  @direction = :top_down
end

Instance Method Details

#scrub(node) ⇒ Object



147
148
149
150
151
152
153
# File 'lib/loofah/scrubbers.rb', line 147

def scrub(node)
  return CONTINUE if html5lib_sanitize(node) == CONTINUE

  node.add_next_sibling(Nokogiri::XML::Text.new(node.to_s, node.document))
  node.remove
  STOP
end