Module: Loofah::Helpers

Defined in:

lib/loofah/helpers.rb

Defined Under Namespace

Modules: ActionView

Class Method Summary

• .remove_extraneous_whitespace(string) ⇒ Object

  A helper to remove extraneous whitespace from text-ified HTML.

• .sanitize(string_or_io) ⇒ Object

  A replacement for Rails’s built-in sanitize helper.

• .sanitize_css(style_string) ⇒ Object

  A replacement for Rails’s built-in sanitize_css helper.

• .strip_tags(string_or_io) ⇒ Object

  A replacement for Rails’s built-in strip_tags helper.

Class Method Details

.remove_extraneous_whitespace(string) ⇒ Object

A helper to remove extraneous whitespace from text-ified HTML.

TODO: remove this in a future major-point-release.

# File 'lib/loofah/helpers.rb', line 43

def remove_extraneous_whitespace(string)
  Loofah.remove_extraneous_whitespace(string)
end

.sanitize(string_or_io) ⇒ Object

A replacement for Rails’s built-in sanitize helper.

Loofah::Helpers.sanitize("<script src=http://ha.ckers.org/xss.js></script>")
# => "&lt;script src=\"http://ha.ckers.org/xss.js\"&gt;&lt;/script&gt;"

# File 'lib/loofah/helpers.rb', line 21

def sanitize(string_or_io)
  loofah_fragment = Loofah.html4_fragment(string_or_io)
  loofah_fragment.scrub!(:strip)
  loofah_fragment.xpath("./form").each(&:remove)
  loofah_fragment.to_s
end

.sanitize_css(style_string) ⇒ Object

A replacement for Rails’s built-in sanitize_css helper.

Loofah::Helpers.sanitize_css("display:block;background-image:url(http://example.com/foo.jpg)")
# => "display: block;"

# File 'lib/loofah/helpers.rb', line 34

def sanitize_css(style_string)
  ::Loofah::HTML5::Scrub.scrub_css(style_string)
end

.strip_tags(string_or_io) ⇒ Object

A replacement for Rails’s built-in strip_tags helper.

Loofah::Helpers.strip_tags("<div>Hello <b>there</b></div>") # => "Hello there"

# File 'lib/loofah/helpers.rb', line 11

def strip_tags(string_or_io)
  Loofah.html4_fragment(string_or_io).text
end