Module: Loofah::ScrubBehavior

Defined in:
lib/loofah/instance_methods.rb

Overview

Mixes scrub! into Document, DocumentFragment, Node and NodeSet.

Traverse the document or fragment, invoking the +scrubber+ on
each node.

+scrubber+ must either be one of the symbols representing the
built-in scrubbers (see Scrubbers), or a Scrubber instance.

  span2div = Loofah::Scrubber.new do |node|
    node.name = "div" if node.name == "span"
  end
  Loofah.fragment("<span>foo</span><p>bar</p>").scrub!(span2div).to_s
  # => "<div>foo</div><p>bar</p>"

or

  unsafe_html = "ohai! <div>div is safe</div> <script>but script is not</script>"
  Loofah.fragment(unsafe_html).scrub!(:strip).to_s
  # => "ohai! <div>div is safe</div> "

Note that this method is called implicitly from
Loofah.scrub_fragment and Loofah.scrub_document.

Please see Scrubber for more information on implementation and traversal, and
README.rdoc for more example usage.

Defined Under Namespace

Modules: Node, NodeSet

Class Method Summary collapse

Class Method Details

.resolve_scrubber(scrubber) ⇒ Object

:nodoc:



59
60
61
62
63
64
65
# File 'lib/loofah/instance_methods.rb', line 59

def ScrubBehavior.resolve_scrubber(scrubber) # :nodoc:
  scrubber = Scrubbers::MAP[scrubber].new if Scrubbers::MAP[scrubber]
  unless scrubber.is_a?(Loofah::Scrubber)
    raise Loofah::ScrubberNotFound, "not a Scrubber or a scrubber name: #{scrubber.inspect}"
  end
  scrubber
end