Whistler is a white listing markup filter based on the specifications of the rails plugin by Rick Olson, aka technoweenie. techno-weenie.net/ Whistler relies on the Hpricot library code.whytheluckystiff.net/hpricot

This is very alpha at the moment. Please help make it great.

Whistler strips, and or sanitizes arbitrary XML/HTML style markup of any tags not explicitly included in the white list. It doesn't try to play catch-up with possible exploites such as black-listing systems do.

Usage is very simple.


# Applies the normal white list defaults

Whistler.white_list( dodgy_markup )

# Adds custom tags to allow Whistler.white_list(dodgy_markup, :add_tags => %w(news_tag my_tag other_tag))

If Whistler is unable to read tags as “tags” it will instead sanitize potential XSS attempts in the text. Normal, non-malicious text should still appear correctly.