Skip to content

Latest commit

 

History

History
37 lines (23 loc) · 1.4 KB

README.rdoc

File metadata and controls

37 lines (23 loc) · 1.4 KB

white_list Gem

This is the Gem version of white_list Plugin

More information about the Plugin please see below, or at github.com/bhedana/white_list

Install

Put this line into Gemfile:

gem 'white_list', :git => "git://github.com/quyen/white_list.git"

white_list Plugin

This White Listing helper will html encode all tags and strip all attributes that aren’t specifically allowed.

It also strips href/src tags with invalid protocols, like javascript: especially. It does its best to counter any tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out the extensive test suite.

<%= white_list @article.body %>

You can add or remove tags/attributes if you want to customize it a bit.

Add table tags

WhiteListHelper.tags.merge %w(table td th)

Remove tags

WhiteListHelper.tags.delete 'div'

Change allowed attributes

WhiteListHelper.attributes.merge %w(id class style)

white_list accepts a block for custom tag escaping. Shown below is the default block that white_list uses if none is given. The block is called for all bad tags, and every text node. node is an instance of HTML::Node (either HTML::Tag or HTML::Text).

bad is nil for text nodes inside good tags, or is the tag name of the bad tag.

<%= white_list(@article.body) { |node, bad| white_listed_bad_tags.include?(bad) ? nil : node.to_s.gsub(/</, '&lt;') } %>