Whistler is a white listing markup filter based on the specifications of the rails plugin by Rick Olson, aka technoweenie. techno-weenie.net/ Whistler relies on the Hpricot library code.whytheluckystiff.net/hpricot
This is very alpha at the moment. Please help make it great.
Whistler strips, and or sanitizes arbitrary XML/HTML style markup of any tags not explicitly included in the white list. It doesn't try to play catch-up with possible exploites such as black-listing systems do.
Usage is very simple.
# Applies the normal white list defaults
Whistler.white_list( dodgy_markup )
# Adds custom tags to allow Whistler.white_list(dodgy_markup, :add_tags => %w(news_tag my_tag other_tag))
If Whistler is unable to read tags as “tags” it will instead sanitize potential XSS attempts in the text. Normal, non-malicious text should still appear correctly.