Module: Sanitizer

Defined in:

lib/sanitizer/version.rb,
lib/sanitizer/sanitizer.rb

Constant Summary

VERSION =

"0.1.7"

@@htmle =

HTMLEntris

HTMLEntities.new

Class Method Summary

• .clean_spaces(text) ⇒ Object
• .entities_to_chars(text) ⇒ Object

  Alguns feeds retornam tags “escapadas” dentro do conteúdo (ex: <br/>) Este método deve ser utilizado após o stripping e sanitização, para não deixar que essas tags sejam exibidas como conteúdo.

• .html_decode(text) ⇒ Object

  Convert invalid chars to HTML Entries.

• .html_encode(text) ⇒ Object

  Convert invalid chars to HTML Entries.

• .sanitize(text) ⇒ Object
• .strip_comments(text) ⇒ Object
• .strip_disallowed_tags(text) ⇒ Object

  Remove all <script> and <style> tags.

• .strip_tags(text, *tags) ⇒ Object

  Remove all tags from from text.

Class Method Details

.clean_spaces(text) ⇒ Object

# File 'lib/sanitizer/sanitizer.rb', line 15

def clean_spaces(text)
  output = text.dup
  output.gsub!(/\s+/, " ")
  output
end

.entities_to_chars(text) ⇒ Object

Alguns feeds retornam tags “escapadas” dentro do conteúdo (ex: &lt;br/&gt;) Este método deve ser utilizado após o stripping e sanitização, para não deixar que essas tags sejam exibidas como conteúdo

# File 'lib/sanitizer/sanitizer.rb', line 74

def entities_to_chars(text)
  output = text.dup
  output.gsub!(/\&lt;/uim, "<")
  output.gsub!(/\&gt;/uim, ">")
  output
end

.html_decode(text) ⇒ Object

Convert invalid chars to HTML Entries

# File 'lib/sanitizer/sanitizer.rb', line 67

def html_decode(text)
  text = text.to_s  
  @@htmle.decode(text, :named)
end

.html_encode(text) ⇒ Object

Convert invalid chars to HTML Entries

# File 'lib/sanitizer/sanitizer.rb', line 61

def html_encode(text)
  text = text.to_s  
  @@htmle.encode(text, :named)
end

.sanitize(text) ⇒ Object

# File 'lib/sanitizer/sanitizer.rb', line 8

def sanitize(text)
  text = strip_tags(text)
  text = clean_spaces(text)
  text = html_encode(text)
  text
end

.strip_comments(text) ⇒ Object

# File 'lib/sanitizer/sanitizer.rb', line 21

def strip_comments(text)
  output = text.dup
  output.gsub!(/(\<\!\-\-\b*[^\-\-\>]*.*?\-\-\>)/ui, "")
  output.gsub!(/(\&lt;\s?\!--.*\s?--\&gt;)/uim, "")
  output
end

.strip_disallowed_tags(text) ⇒ Object

Remove all <script> and <style> tags

# File 'lib/sanitizer/sanitizer.rb', line 29

def strip_disallowed_tags(text)
  output = text
  output.gsub!(/(<script\s*.*>.*<\/script>)/uim, "")
  output.gsub!(/(<script\s*.*\/?>)/uim, "")
  output.gsub!(/(<link\s*.*\/?>)/uim, "")
  output.gsub!(/(<style\s*.*>.*<\/style>)/uim, "")

  # Stripping html entities too
  output.gsub!(/(\&lt;script\s*.*\&gt;.*\&lt;\/script\&gt;)/uim, "")
  output.gsub!(/(\&lt;script\s*.*\/?\&gt;)/uim, "")
  output.gsub!(/(\&lt;link\s*.*\/?\&gt;)/uim, "")
  output.gsub!(/(\&lt;style\s*.*\&gt;.*\&lt;\/style\&gt;)/uim, "")
  output
end

.strip_tags(text, *tags) ⇒ Object

Remove all tags from from text

# File 'lib/sanitizer/sanitizer.rb', line 45

def strip_tags(text, *tags)
  output = text.dup
  if tags.empty? # clear all tags by default
    output.gsub!(/<\/?[^>]*>/uim, "")
    output.gsub!(/\&lt;\/?[^\&gt;]*\&gt;/uim, "")
  else # clean only selected tags 
    strip = tags.map do |tag|  
      %Q{(#{tag})}
    end.join('|')
    output.gsub!(/<\/?(#{strip})[^>]*>/uim, "")
    output.gsub!(/\&lt;\/?(#{strip})[^\&gt;]*\&gt;/uim, "")
  end
  output
end