Class: Loofah::Scrubbers::Escape

Inherits:
Loofah::Scrubber show all
Defined in:
lib/loofah/scrubbers.rb

Overview

scrub!(:escape)

+:escape+ performs HTML entity escaping on the unknown/unsafe tags:

   unsafe_html = "ohai! <div>div is safe</div> <foo>but foo is <b>not</b></foo>"
   Loofah.fragment(unsafe_html).scrub!(:escape)
   => "ohai! <div>div is safe</div> &lt;foo&gt;but foo is &lt;b&gt;not&lt;/b&gt;&lt;/foo&gt;"

Constant Summary

Constants inherited from Loofah::Scrubber

Loofah::Scrubber::CONTINUE, Loofah::Scrubber::STOP

Instance Attribute Summary

Attributes inherited from Loofah::Scrubber

#block, #direction

Instance Method Summary collapse

Methods inherited from Loofah::Scrubber

#append_attribute, #traverse

Constructor Details

#initializeEscape

Returns a new instance of Escape


143
144
145
# File 'lib/loofah/scrubbers.rb', line 143

def initialize
  @direction = :top_down
end

Instance Method Details

#scrub(node) ⇒ Object


147
148
149
150
151
152
# File 'lib/loofah/scrubbers.rb', line 147

def scrub(node)
  return CONTINUE if html5lib_sanitize(node) == CONTINUE
  node.add_next_sibling Nokogiri::XML::Text.new(node.to_s, node.document)
  node.remove
  return STOP
end