Module: Loofah::ScrubBehavior

Defined in:
lib/loofah/concerns.rb

Overview

Mixes scrub! into Document, DocumentFragment, Node and NodeSet.

Traverse the document or fragment, invoking the scrubber on each node.

scrubber must either be one of the symbols representing the built-in scrubbers (see Scrubbers), or a Scrubber instance.

span2div = Loofah::Scrubber.new do |node|
 node.name = "div" if node.name == "span"
end
Loofah.html5_fragment("<span>foo</span><p>bar</p>").scrub!(span2div).to_s
# => "<div>foo</div><p>bar</p>"

or

unsafe_html = "ohai! <div>div is safe</div> <script>but script is not</script>"
Loofah.html5_fragment(unsafe_html).scrub!(:strip).to_s
# => "ohai! <div>div is safe</div> "

Note that this method is called implicitly from the shortcuts Loofah.scrub_html5_fragment et al.

Please see Scrubber for more information on implementation and traversal, and README.rdoc for more example usage.

Defined Under Namespace

Modules: Node, NodeSet

Class Method Summary collapse

Class Method Details

.resolve_scrubber(scrubber) ⇒ Object

:nodoc:



59
60
61
62
63
64
65
66
 
# File 'lib/loofah/concerns.rb', line 59

def resolve_scrubber(scrubber) # :nodoc:
  scrubber = Scrubbers::MAP[scrubber].new if Scrubbers::MAP[scrubber]
  unless scrubber.is_a?(Loofah::Scrubber)
    raise Loofah::ScrubberNotFound, "not a Scrubber or a scrubber name: #{scrubber.inspect}"
  end

  scrubber
end