Class: Loofah::Scrubbers::Escape

Inherits:

Loofah::Scrubber

• Object
• Loofah::Scrubber
• Loofah::Scrubbers::Escape

Defined in:

lib/loofah/scrubbers.rb

Overview

scrub!(:escape)

+:escape+ performs HTML entity escaping on the unknown/unsafe tags:

   unsafe_html = "ohai! <div>div is safe</div> <foo>but foo is <b>not</b></foo>"
   Loofah.html5_fragment(unsafe_html).scrub!(:escape)
   => "ohai! <div>div is safe</div> &lt;foo&gt;but foo is &lt;b&gt;not&lt;/b&gt;&lt;/foo&gt;"

Constant Summary

Constants inherited from Loofah::Scrubber

Loofah::Scrubber::CONTINUE, Loofah::Scrubber::STOP

Instance Attribute Summary

Attributes inherited from Loofah::Scrubber

#block, #direction

Instance Method Summary

• #initialize ⇒ Escape constructor

  rubocop:disable Lint/MissingSuper.

• #scrub(node) ⇒ Object

Methods inherited from Loofah::Scrubber

#append_attribute, #traverse

Constructor Details

#initialize ⇒ Escape

rubocop:disable Lint/MissingSuper

# File 'lib/loofah/scrubbers.rb', line 160

def initialize # rubocop:disable Lint/MissingSuper
  @direction = :top_down
end

Instance Method Details

#scrub(node) ⇒ Object

# File 'lib/loofah/scrubbers.rb', line 164

def scrub(node)
  return CONTINUE if html5lib_sanitize(node) == CONTINUE

  node.add_next_sibling(Nokogiri::XML::Text.new(node.to_s, node.document))
  node.remove
  STOP
end