[ANN] loofah 0.2.0 Released

Mike Dalessio

[Note: parts of this message were removed to make it a legal post.]

loofah version 0.2.0 has been released!

* <http://loofah.rubyforge.org/>
* <http://rubyforge.org/projects/loofah>
* <http://github.com/flavorjones/loofah>

Loofah is an HTML sanitizer. It will *always* fix broken markup, but
can also sanitize unsafe tags in a few different ways, and transform
the markup for storage or display.

It's built on top of Nokogiri and libxml2, so it's fast. And it uses
html5lib's whitelist, so it most likely won't make your codes less
secure.

(These statements have not been evaluated by Internet Experts.)

This library was formerly known as Dryopteris.

## FEATURES

* Strip unsafe tags, leaving behind only the inner text.
* Prune unsafe tags and their subtrees, removing all traces that they ever
existed.
* Escape unsafe tags and their subtrees, leaving behind lots of &lt; and
&gt; entities.
* Whitewash the markup, removing all attributes and namespaced nodes.
* Format the markup as plain text.
* ActiveRecord extension.
* 99 44/100 % Tenderlove-free!

## SYNOPSIS

For a full explanation, see the documentation for Loofah.

```ruby
require 'loofah'

unsafe_html = "ohai! <div>a div is safe</div> <script>but script is not</script>"

Loofah.scrub_fragment(unsafe_html, :prune).to_s # => "ohai! <div>a div is safe</div> "
```

OR

```ruby
doc = Loofah.fragment(unsafe_html) # returns a Nokogiri document ...
doc.scrub!(:prune)                 # ... with one extra method
doc.to_s # => "ohai! <div>a div is safe</div> "
doc.text # => "ohai! a div is safe "
```

### ACTIVERECORD EXTENSION

```ruby
# config/environment.rb
require 'loofah/active_record'

# db/schema.rb
create_table "posts" do |t|
  t.string "title"
  t.string "body"
end

# app/model/post.rb
class Post < ActiveRecord::Base
  html_fragment :body, :scrub => :prune # scrubs 'body' in a before_save
end
```

## REQUIREMENTS

* ruby 1.8 or 1.9
* Nokogiri >= 1.3.3

## INSTALLATION

Unsurprisingly:

* gem install loofah


Changes:

## 0.2.0

* Swank new API.
* ActiveRecord extension.
* Uses Nokogiri's Document and DocumentFragment for parsing.
* Updated html5lib codes and tests to revision 1384:b9d3153d7be7.
* Deprecated the Dryopteris sanitization methods. Will be removed in 0.3.0.
* Documentation! Hey!
 
