HtmlFilter
HTML Filter library can be used to sanitize and sterilize HTML. A good idea if you let users submit HTML in comments, for instance.
lib_filter.php, v1.15 by Cal Henderson <cal@iamcal.com>
This code is licensed under a Creative Commons Attribution-ShareAlike 2.5 License creativecommons.org/licenses/by-sa/2.5/
Thanks to Jang Kim for adding support for single quoted attributes.
Constants
  DEFAULT = { 'allowed' => { 'a' => ['href', 'target'], 'b' => [], 'i' => [], 'img' => ['src', 'width', 'height', 'alt'] } ... }
    default settings
Attributes
  [RW] allow_numbered_entities: entity control option (true, false)
  [RW] allowed: tags and attributes that are allowed, e.g. { 'a' => ['href', 'target'], 'b' => [], 'img' => ['src', 'width', 'height', 'alt'] }
  [RW] allowed_entities: entity control option (amp, gt, lt, quot, etc.)
  [RW] allowed_protocols: protocols which are allowed (http, ftp, mailto)
  [RW] always_close: tags which must always have separate opening and closing tags (e.g. "")
  [RW] always_make_tags: should we try and make a b tag out of "b>" (true, false)
  [RW] no_close: tags which should always be self-closing (e.g. "<img />")
  [RW] protocol_attributes: attributes which should be checked for valid protocols (src, href)
  [RW] remove_blanks: tags which should be removed if they contain no content (e.g. "" or "<b />")
  [RW] strip_comments: should we remove comments? (true, false)
  [R]  tag_counts: internal tag counter
Public Class methods
new(options = nil)
New html filter. Any option given overrides the corresponding key of DEFAULT; every resulting option is assigned through its attribute writer.

  # File lib/more/facets/htmlfilter.rb, line 122
  def initialize( options=nil )
    if options
      # start from the defaults and overlay the caller's options (keys as strings)
      h = DEFAULT.dup
      options.each do |k,v|
        h[k.to_s] = v
      end
      options = h
    else
      options = DEFAULT.dup
    end
    # set each option via its writer, e.g. self.allowed = {...}
    options.each{ |k,v| send("#{k}=",v) }
  end
Public Instance methods
filter(data)
Filter html string. The input passes through each stage in turn: comments, tag balancing, tag and attribute checks, blank-tag removal and entity validation.

  # File lib/more/facets/htmlfilter.rb, line 138
  def filter(data)
    @tag_counts = {}
    data = escape_comments(data)        # handle HTML comments (see strip_comments)
    data = balance_html(data)           # repair nesting and unclosed tags
    data = check_tags(data)             # enforce allowed tags, attributes and protocols
    data = process_remove_blanks(data)  # drop empty tags listed in remove_blanks
    data = validate_entities(data)      # enforce allowed_entities / allow_numbered_entities
    return data
  end
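To make the effect of these options concrete, here is an added example of an allowlist filter that reuses the option names documented above (allowed, allowed_protocols, protocol_attributes, no_close, strip_comments). It is my own illustration, not the Facets HtmlFilter implementation: the class name ToyHtmlFilter, the two regular expressions and the sample input are assumptions made for this example. It shows the checks a defender cares about: unknown tags and attributes are removed, an href or src whose scheme is not allowed is dropped even when the scheme is entity-encoded or padded with control characters, comments are stripped, and tags are rebalanced.

```ruby
require 'cgi'

# Added example, not the Facets library's own code: a compact allowlist HTML
# filter that reuses this page's option names (allowed, allowed_protocols,
# protocol_attributes, no_close, strip_comments). The class name and the two
# regexes are my own assumptions for illustration.
class ToyHtmlFilter
  DEFAULT = {
    'allowed' => {
      'a'   => ['href', 'target'],
      'b'   => [],
      'i'   => [],
      'img' => ['src', 'width', 'height', 'alt']
    },
    'allowed_protocols'   => ['http', 'https', 'ftp', 'mailto'],
    'protocol_attributes' => ['src', 'href'],
    'no_close'            => ['img'],
    'strip_comments'      => true
  }.freeze

  # Matches one comment, or one opening/closing tag capturing the optional
  # slash, the tag name and the raw attribute text.
  TAG_RE  = /<!--.*?-->|<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/m
  # Matches name="value", name='value' or bare name=value.
  ATTR_RE = /([a-zA-Z_:][-a-zA-Z0-9_:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/

  def initialize(options = {})
    @opts = DEFAULT.merge(options)
  end

  # Drops tags not in the allowlist, filters their attributes, rejects URL
  # attributes with a disallowed scheme, strips comments and balances tags.
  def filter(html)
    open_tags = []
    out = html.gsub(TAG_RE) do |m|
      next(@opts['strip_comments'] ? '' : m) if m.start_with?('<!--')
      closing, name, attr_src = ($1 == '/'), $2.downcase, $3
      next '' unless @opts['allowed'].key?(name)
      if closing
        next '' unless open_tags.include?(name)   # stray close tag: drop it
        closed = []
        # close anything opened after this tag so nesting stays well-formed
        closed << "</#{open_tags.pop}>" until open_tags.last == name
        open_tags.pop
        next closed.join + "</#{name}>"
      end
      attrs = clean_attributes(name, attr_src)
      next "<#{name}#{attrs} />" if @opts['no_close'].include?(name)
      open_tags << name
      "<#{name}#{attrs}>"
    end
    # anything still open at the end is closed in reverse order
    out + open_tags.reverse.map { |t| "</#{t}>" }.join
  end

  private

  # Keeps only allowed attributes and re-encodes their values.
  def clean_attributes(tag, attr_src)
    allowed = @opts['allowed'][tag]
    attr_src.scan(ATTR_RE).map do |name, dq, sq, bare|
      name = name.downcase
      next unless allowed.include?(name)
      value = CGI.unescapeHTML(dq || sq || bare)
      next if @opts['protocol_attributes'].include?(name) && !safe_url?(value)
      %( #{name}="#{CGI.escapeHTML(value)}")
    end.compact.join
  end

  # Relative URLs pass; absolute ones must use an allowed scheme. Whitespace
  # and control characters are removed before the check so that obfuscated
  # schemes such as "java\tscript:" are still recognised and rejected.
  def safe_url?(value)
    probe = value.gsub(/[\x00-\x20]/, '')
    return true unless probe =~ /\A([a-zA-Z][a-zA-Z0-9+.\-]*):/
    @opts['allowed_protocols'].include?($1.downcase)
  end
end

# Sample input, constructed for this example.
SAMPLE = '<b><i>Hello <a href="java&#115;cript:alert(1)" onclick="x">link</a>' \
         '<!-- note --><img src="http://example.com/a.png" onerror="x"></b>'

def demo
  ToyHtmlFilter.new.filter(SAMPLE)
end

puts demo if $PROGRAM_NAME == __FILE__
```

Running the file prints the sanitized sample: the javascript: href and the event-handler attributes are gone, the comment is removed, the img is self-closed, and the unclosed i is closed before b. The design point worth noting is that the scheme check runs on the decoded, whitespace-stripped value, because a filter that compares the raw attribute text against the allowed protocol list can be bypassed by entity encoding.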