Skip to content

Commit

Permalink
Add a note for whitelisted tags by default in the TargetScrubber (#110)
Browse files Browse the repository at this point in the history 
* add a note for whitelisted tags by default in the TargetScrubber

* reword the whitelisted to permitted

Co-authored-by: Kasper Timm Hansen <kaspth@gmail.com>

* added the permitted tag list to the README

Co-authored-by: Kasper Timm Hansen <kaspth@gmail.com>
  • Loading branch information
@paul-mesnilgrente @kaspth
paul-mesnilgrente and kaspth committed Feb 9, 2021
1 parent 51dc564 commit 1e64885
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion README.md
View file
Expand Up @@ -81,8 +81,10 @@ html_fragment.to_s # => "<a></a>"
#### `Rails::Html::TargetScrubber`

Where `PermitScrubber` picks out tags and attributes to permit in sanitization,
`Rails::Html::TargetScrubber` targets them for removal.
`Rails::Html::TargetScrubber` targets them for removal. See https://github.com/flavorjones/loofah/blob/main/lib/loofah/html5/safelist.rb for the tag list.

**Note:** by default, it will scrub anything that is not part of the permitted tags from
loofah `HTML5::Scrub.allowed_element?`.

```ruby
scrubber = Rails::Html::TargetScrubber.new
Expand Down

0 comments on commit 1e64885

Please sign in to comment.