lib/sanitize.rb in sanitize-1.0.4 vs lib/sanitize.rb in sanitize-1.0.5
@@ -38,15 +38,15 @@
require 'sanitize/monkeypatch/hpricot'
class Sanitize
# Matches an attribute value that could be treated by a browser as a URL
- # with a protocol prefix, such as "http:" or "javascript:". Any string of one
+ # with a protocol prefix, such as "http:" or "javascript:". Any string of zero
# or more characters followed by a colon is considered a match, even if the
# colon is encoded as an entity and even if it's an incomplete entity (which
# IE6 and Opera will still parse).
- REGEX_PROTOCOL = /^([^:]+)(?:\:|�*58|�*3a)(?:[^0-9a-f]|$)/i
+ REGEX_PROTOCOL = /^([^:]*)(?:\:|�*58|�*3a)/i
#--
# Class Methods
#++
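Review bot: On the added `REGEX_PROTOCOL` line the pattern is still anchored with `^`, which in Ruby matches at the start of every line rather than the start of the string; `\A` states the intent for a check that is applied to a whole attribute value. The result appears to be the same today only because `[^:]*` can itself run across newlines, so the first match still begins at offset 0. With `*` the captured group can now be empty (a value that begins with a colon), so the code that compares the capture with the allowed protocols, which is outside this hunk, should treat an empty or unrecognised capture as not allowed. The two entity alternatives are garbled in this rendering and are worth checking against the released file.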
@@ -84,21 +84,21 @@
def clean!(html)
fragment = Hpricot(html)
fragment.search('*') do |node|
if node.bogusetag? || node.doctype? || node.procins? || node.xmldecl?
- node.swap('')
+ node.parent.replace_child(node, '')
next
end
if node.comment?
- node.swap('') unless @config[:allow_comments]
+ node.parent.replace_child(node, '') unless @config[:allow_comments]
elsif node.elem?
name = node.name.to_s.downcase
# Delete any element that isn't in the whitelist.
unless @config[:elements].include?(name)
- node.parent.replace_child(node, node.children)
+ node.parent.replace_child(node, node.children || '')
next
end
if @config[:attributes].has_key?(name)
# Delete any attribute that isn't in the whitelist for this element.
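Review bot: The three added `node.parent.replace_child(node, …)` calls dereference `node.parent` without a check, and nothing in the hunk records why `node.swap('')` was abandoned or why `node.children` needs the `|| ''` fallback. Whether `fragment.search('*')` can yield a node whose parent is nil is not visible here; if it can, `clean!` would raise NoMethodError on that markup instead of removing the node, so the case should fail in a controlled way rather than leave the node in place. A regression test covering a top-level comment, a doctype and an empty disallowed element would pin this down. A one-line comment above the first call, giving the reason for using `replace_child` and noting that `children` is presumably nil for an empty element, would stop a later cleanup from reverting the change. The body of `clean!` continues past the end of this hunk.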