lib/sanitize.rb in sanitize-1.2.1 vs lib/sanitize.rb in sanitize-1.2.2.dev.20100822
- old
+ new
@@ -25,10 +25,11 @@
require 'sanitize/version'
require 'sanitize/config'
require 'sanitize/config/restricted'
require 'sanitize/config/basic'
require 'sanitize/config/relaxed'
+require 'sanitize/transformers/fix_fragment_cdata'
class Sanitize
attr_reader :config
# Matches an attribute value that could be treated by a browser as a URL
@@ -88,16 +89,26 @@
# Specific nodes to whitelist (along with all their attributes). This array
# is generated at runtime by transformers, and is cleared before and after
# a fragment is cleaned (so it applies only to a specific fragment).
@whitelist_nodes = []
+
+ # Workaround for a fragment parsing bug in Nokogiri >= 1.4.2. The naïve
+ # version check is fine here; there are no side effects for unaffected
+ # versions except slightly worse performance, and I plan to remove this hack
+ # as soon as Nokogiri fixes the bug on their end.
+ if Nokogiri::VERSION > '1.4.1'
+ @config[:transformers] << Transformers::FIX_FRAGMENT_CDATA
+ end
end
# Returns a sanitized copy of _html_.
def clean(html)
- dupe = html.dup
- clean!(dupe) || dupe
+ if html
+ dupe = html.dup
+ clean!(dupe) || dupe
+ end
end
# Performs clean in place, returning _html_, or +nil+ if no changes were
# made.
def clean!(html)
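Review bot: The guard `if Nokogiri::VERSION > '1.4.1'` compares version strings lexicographically, so a two-digit component sorts the wrong way: `'1.10.0' > '1.4.1'` is false, and the CDATA workaround would silently not be registered on such a release. The comment covers only the harmless direction, where the workaround runs on a version that does not need it. The other direction leaves the sanitizer without a parser fix it depends on, if the bug is still present in that release. Comparing parsed versions avoids this, e.g. `if Gem::Version.new(Nokogiri::VERSION) > Gem::Version.new('1.4.1')` (assuming RubyGems is loaded), with an upper bound added once the upstream fix ships. The enclosing method, presumably the constructor, starts outside the hunk.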
@@ -213,12 +224,14 @@
:whitelist => false
}
@config[:transformers].inject(node) do |transformer_node, transformer|
transform = transformer.call({
- :config => @config,
- :node => transformer_node,
- :node_name => transformer_node.name.downcase
+ :allowed_elements => @allowed_elements,
+ :config => @config,
+ :node => transformer_node,
+ :node_name => transformer_node.name.downcase,
+ :whitelist_nodes => @whitelist_nodes
})
if transform.nil?
transformer_node
elsif transform.is_a?(Hash)
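Review bot: The new `:allowed_elements => @allowed_elements` and `:whitelist_nodes => @whitelist_nodes` entries hand each transformer the sanitizer's own live objects rather than copies. A transformer that mutates them in place can therefore widen what is allowed for every later node without going through the returned Hash. If these keys are meant for lookup only, say so next to the call with a comment such as `# :allowed_elements and :whitelist_nodes are read-only; return changes via the result Hash`. Alternatively, pass copies (`@whitelist_nodes.dup`) so a third-party transformer cannot alter the allowlist as a side effect. The `inject` block and its enclosing method continue outside the hunk, so how the returned Hash is merged is not visible here.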