Module: Whistler

Defined in:

lib/whistler/white_list.rb

Class Method Summary

• .protocol_attributes ⇒ Object
• .protocol_separator ⇒ Object
• .white_attributes ⇒ Object

  An array of default allowed attributes.

• .white_list(string, opts = {}) ⇒ Object

  This is the work horse of the Whistler gem.

• .white_protocols ⇒ Object

  An array of default allowed protocols.

• .white_tags ⇒ Object

  An array of default allowed tags.

Instance Method Summary

• #white_list(string, opts = {}) ⇒ Object

Class Method Details

.protocol_attributes ⇒ Object

# File 'lib/whistler/white_list.rb', line 4

def self.protocol_attributes
  @_protocol_attributes = %w(src href)
end

.protocol_separator ⇒ Object

# File 'lib/whistler/white_list.rb', line 8

def self.protocol_separator
  @_protocol_seperator = /:|(&#0*58)|(&#x70)|(%|%)3A/
end

.white_attributes ⇒ Object

An array of default allowed attributes

# File 'lib/whistler/white_list.rb', line 18

def self.white_attributes
  @_white_attributes ||= %w(href src width height alt cite datetime title class name)
end

.white_list(string, opts = {}) ⇒ Object

This is the work horse of the Whistler gem. It whitelists a string of Markup. string - The string to white list opts - A group of options to apply for this run

valid options

• :tags - An array of allowed tags. This list is exlusive of all others and only tags included in this list will be allowed

• :add_tags - An array of extra allowed tags. All normal tags are allowed, plus the ones specified in this array

• :attributes - An array of allowed attributes. This list is exlusive of all others and only attributes included will be allowed.

Example

Whistler.white_list(my_markup_string, :add_tags => %w(object param) )

}} Allows object and param tags in addition to normal allowed tags.

# File 'lib/whistler/white_list.rb', line 41

def self.white_list(string, opts = {})
  return nil if string.nil?
  w_tags  = get_white_tags(opts)
  w_attrs = get_white_attributes(opts)
  
  string = string.gsub("\000", "")
  
  doc = Hpricot(string)
  doc.traverse_element do |elem|
    if elem.elem?
      if w_tags.include?(elem.name)
        (elem.attributes.keys - w_attrs).each{|a| elem.remove_attribute(a)}
        (elem.attributes.keys & Whistler.protocol_attributes).each{|a| elem.remove_attribute(a) if contains_bad_protocols?(elem[a])}
        elem.raw_attributes.each{|a,v| elem.raw_attributes[a] = clean_attribute(v)}
      else
        elem.parent.children.delete(elem) 
      end
    elsif elem.text?
      elem.parent.replace_child(elem, Hpricot::Text.new(escape_text(elem.to_s)))    
    end
  end
  doc.to_html
end

.white_protocols ⇒ Object

An array of default allowed protocols

# File 'lib/whistler/white_list.rb', line 23

def self.white_protocols
  @_white_protocols ||= %w(ed2k ftp http https irc mailto news gopher nntp telnet webcal xmpp callto feed)
end

.white_tags ⇒ Object

An array of default allowed tags.

# File 'lib/whistler/white_list.rb', line 13

def self.white_tags
  @_white_tags ||= %w(strong em b i p code pre tt output samp kbd var sub sup dfn cite big small address hr br div span h1 h2 h3 h4 h5 h6 ul ol li dt dd abbr acronym a img blockquote del ins fieldset legend)
end

Instance Method Details

#white_list(string, opts = {}) ⇒ Object

# File 'lib/whistler/white_list.rb', line 65

def white_list(string, opts = {} )
  Whistler.white_list(string, opts)
end