WhiteList
=========

This White Listing helper will html encode all tags and strip all attributes that aren't specifically allowed.  
It also strips href/src tags with invalid protocols, like javascript: especially.  It does its best to counter any
tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters.  Check out
the extensive test suite.

  <%= white_list @article.body %>

You can add or remove tags/attributes if you want to customize it a bit.

add table tags
  
  WhiteListHelper.tags += %w(table td th)

remove tags
  
  WhiteListHelper.tags -= %w(div span)

clear any attributes that are allowed for <a> tags

  WhiteListHelper.attributes['a'] = []

allow a new attribute for the <img> tag

  WhiteListHelper.attributes['img'] += %w(style)

add new tag with attributes

  WhiteListHelper.attributes['table'] = %w(cellpadding cellspacing)

change allowed attributes for all tags

  WhiteListHelper.attributes[nil] = %w(id class style)