Sha256: 257b275808fd04542a940b9ffa17b5ae0d73d471fde1f96a9fb5d4149951662e

Contents?: true

Size: 995 Bytes

Versions: 9

Compression:

Stored size: 995 Bytes

Contents

WhiteList
=========

This White Listing helper will HTML-encode all tags, and strip all attributes, that aren't specifically allowed.
It also strips href/src attributes with invalid protocols, especially javascript:. It does its best to counter any
tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out
the extensive test suite.

  <%= white_list @article.body %>
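
The protocol filtering described above only holds if an href/src value is normalized before its scheme is compared against the allowed list. The following Ruby is an added example, not code from the white_list plugin; `ALLOWED_PROTOCOLS`, `decode_numeric_entities`, `normalize_url`, `safe_url?` and the sample values are assumptions made for illustration.

```ruby
# Added illustration: names and the scheme allowlist below are assumptions,
# not the white_list plugin's own code.
ALLOWED_PROTOCOLS = %w(http https mailto ftp).freeze

# Decode numeric character references as a browser does inside an attribute
# value: decimal or hex, zero padded, trailing semicolon optional.
def decode_numeric_entities(text)
  text.gsub(/&#(?:x([0-9a-f]{1,8})|(\d{1,8}));?/i) do
    code = $1 ? $1.hex : $2.to_i
    valid = code <= 0x10FFFF && !(0xD800..0xDFFF).cover?(code)
    valid ? [code].pack('U') : ''
  end
end

# Canonical form used only for the scheme check: entities decoded, then
# whitespace and control characters (which browsers ignore in URLs) removed.
def normalize_url(value)
  decode_numeric_entities(value.to_s).gsub(/[\x00-\x20]+/, '')
end

# True for relative URLs and allowed schemes. Fails closed when an undecoded
# entity (for example a named one such as &colon;) sits where a scheme could be.
def safe_url?(value)
  head = normalize_url(value)[/\A[^\/?#]*/] # text before the first / ? or #
  return false if head.include?('&')
  scheme = head[/\A([^:]*):/, 1]
  scheme.nil? || ALLOWED_PROTOCOLS.include?(scheme.downcase)
end

# Constructed sample attribute values (not taken from the plugin's test suite).
SAMPLES = [
  'http://example.com/a?b=1&c=2',
  '/articles/1',
  'mailto:user@example.com',
  'JaVaScRiPt:x',
  '&#106;avascript:x',
  '&#0000106avascript:x',
  '&#x6A;avascript:x',
  "jav\tascript:x",
  'jav&#x09;ascript:x',
  'javascript&colon;x',
  'data:text/html,x'
].freeze

def check_samples
  SAMPLES.map { |url| [url, safe_url?(url)] }.to_h
end

check_samples.each { |url, ok| puts "#{ok ? 'keep ' : 'strip'} #{url.inspect}" } if $PROGRAM_NAME == __FILE__
```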

You can add or remove tags/attributes if you want to customize it a bit.

add table tags
  
  WhiteListHelper.tags += %w(table td th)

remove tags
  
  WhiteListHelper.tags -= %w(div span)

clear any attributes that are allowed for <a> tags

  WhiteListHelper.attributes['a'] = []

allow a new attribute for the <img> tag

  WhiteListHelper.attributes['img'] += %w(style)

add new tag with attributes

  WhiteListHelper.attributes['table'] = %w(cellpadding cellspacing)

change allowed attributes for all tags

  WhiteListHelper.attributes[nil] = %w(id class style)

Version data entries

9 entries across 9 versions & 1 rubygems

Version Path
community_engine-3.0.0 vendor/converted2.3plugins_to_lib_leftovers/white_list/README
community_engine-2.3.2 vendor/plugins/white_list/README
community_engine-2.3.1 vendor/plugins/white_list/README
community_engine-2.3.0 vendor/plugins/white_list/README
community_engine-2.1.0 vendor/plugins/white_list/README
community_engine-2.0.0 vendor/plugins/white_list/README
community_engine-2.0.0.beta3 vendor/plugins/white_list/README
community_engine-2.0.0.beta2 vendor/plugins/white_list/README
community_engine-2.0.0.beta1 vendor/plugins/white_list/README