Contents

require 'sanitize'

module Softcover
  module Sanitizer
    extend self

    # Sanitization suitable for displaying untrusted generated html, while
    # retaining useful tags and attributes.

    def clean(html)
      return unless html

      sanitize_options = {
        elements: %w{div span p a ul ol li h1 h2 h3
          pre em sup table tbody thead tr td img},
        remove_contents: %w{script},
        attributes: {
          'div' => %w{id class data-tralics-id data-number data-chapter},
          'a'   => %w{id class href},
          'span'=> %w{id class style},
          'ol'  => %w{id class},
          'ul'  => %w{id class},
          'li'  => %w{id class},
          'sup' => %w{id class},
          'h1'  => %w{id class},
          'h2'  => %w{id class},
          'h3'  => %w{id class},
          'img' => %w{id class src alt},
          'em'  => %w{id class}
        },
        protocols: {
          'a'   => {'href' => [:relative, 'http', 'https', 'mailto']},
          'img' => {'src'  => [:relative, 'http', 'https']}
        },
        output: :xhtml
      }

      Sanitize.clean(html.force_encoding("UTF-8"), sanitize_options)
    end
  end
end

Version data entries

13 entries across 13 versions & 1 rubygems

Version	Path
softcover-0.7.1	lib/softcover/sanitizer.rb
softcover-0.7.0	lib/softcover/sanitizer.rb
softcover-0.6.10	lib/softcover/sanitizer.rb
softcover-0.6.9	lib/softcover/sanitizer.rb
softcover-0.6.7	lib/softcover/sanitizer.rb
softcover-0.6.6	lib/softcover/sanitizer.rb
softcover-0.6.5	lib/softcover/sanitizer.rb
softcover-0.6.4	lib/softcover/sanitizer.rb
softcover-0.6.3	lib/softcover/sanitizer.rb
softcover-0.6.2	lib/softcover/sanitizer.rb
softcover-0.6.1	lib/softcover/sanitizer.rb
softcover-0.6.0	lib/softcover/sanitizer.rb
softcover-0.5.0	lib/softcover/sanitizer.rb