Class: Rails::Html::FullSanitizer

Inherits:

Sanitizer

• Object
• Sanitizer
• Rails::Html::FullSanitizer

Defined in:

lib/rails/html/sanitizer.rb

Overview

Rails::Html::FullSanitizer

Removes all tags but strips out scripts, forms and comments.

full_sanitizer = Rails::Html::FullSanitizer.new full_sanitizer.sanitize(“Bold no more! <a href=‘more.html’>See more here</a>…”) # => Bold no more! See more here…

Constant Summary

Constants inherited from Sanitizer

Sanitizer::VERSION

Instance Method Summary

• #sanitize(html, options = {}) ⇒ Object

Methods inherited from Sanitizer

full_sanitizer, link_sanitizer, safe_list_sanitizer, white_list_sanitizer

Instance Method Details

#sanitize(html, options = {}) ⇒ Object

# File 'lib/rails/html/sanitizer.rb', line 29

def sanitize(html, options = {})
  return unless html
  return html if html.empty?

  loofah_fragment = Loofah.fragment(html)

  remove_xpaths(loofah_fragment, XPATHS_TO_REMOVE)
  loofah_fragment.scrub!(TextOnlyScrubber.new)

  properly_encode(loofah_fragment, encoding: 'UTF-8')
end