Skip to content
/ white_list Public

A copy of technoweenie's white_list plugin. For backwards compatibility only.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jemminger/white_list

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

lib

lib

 
 

test

test

 
 

README

README

 
 

Rakefile

Rakefile

 
 

init.rb

init.rb

 
 

white_list.gemspec

white_list.gemspec

 
 

Repository files navigation

WhiteList
=========

This White Listing helper will html encode all tags and strip all attributes that aren't specifically allowed.  
It also strips href/src tags with invalid protocols, like javascript: especially.  It does its best to counter any
tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters.  Check out
the extensive test suite.

  <%= white_list @article.body %>

You can add or remove tags/attributes if you want to customize it a bit.

Add table tags
  
  WhiteListHelper.tags.merge %w(table td th)

Remove tags
  
  WhiteListHelper.tags.delete 'div'

Change allowed attributes

  WhiteListHelper.attributes.merge %w(id class style)

white_list accepts a block for custom tag escaping.  Shown below is the default block that white_list uses if none is given.
The block is called for all bad tags, and every text node.  node is an instance of HTML::Node (either HTML::Tag or HTML::Text).  
bad is nil for text nodes inside good tags, or is the tag name of the bad tag.  

  <%= white_list(@article.body) { |node, bad| white_listed_bad_tags.include?(bad) ? nil : node.to_s.gsub(/</, '&lt;') } %>

About

A copy of technoweenie's white_list plugin. For backwards compatibility only.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages