instiki/lib/sanitize.rb

module Sanitize

# This module provides sanitization of XHTML+MathML+SVG 
# and of inline style attributes.
#
# Uses the HTML5lib parser, so that the parsing behaviour should
# resemble that of browsers.
#
#  sanitize_xhtml() is a case-sensitive sanitizer, suitable for XHTML
#  sanitize_html() is a case-insensitive sanitizer suitable for HTML


  require 'html5lib/sanitizer'
  require 'html5lib/html5parser'
  require 'html5lib/liberalxmlparser'
  include HTML5lib

  def sanitize_xhtml(html)
    XHTMLParser.parseFragment(html, :tokenizer => HTMLSanitizer).to_s
  end

  def sanitize_html(html)
    HTMLParser.parseFragment(html, :tokenizer => HTMLSanitizer).to_s
  end

end
Finally! XSS-protection, done right. If you want something done right, ... 2007-02-22 08:06:53 +01:00			`module Sanitize`

HTML5lib is Back. Synced with latest version of HTML5lib, which fixes problem with Astral plane characters. I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer. 2007-05-30 17:45:52 +02:00			`# This module provides sanitization of XHTML+MathML+SVG`
Finally! XSS-protection, done right. If you want something done right, ... 2007-02-22 08:06:53 +01:00			`# and of inline style attributes.`
			`#`
HTML5lib is Back. Synced with latest version of HTML5lib, which fixes problem with Astral plane characters. I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer. 2007-05-30 17:45:52 +02:00			`# Uses the HTML5lib parser, so that the parsing behaviour should`
			`# resemble that of browsers.`
			`#`
			`# sanitize_xhtml() is a case-sensitive sanitizer, suitable for XHTML`
			`# sanitize_html() is a case-insensitive sanitizer suitable for HTML`
Finally! XSS-protection, done right. If you want something done right, ... 2007-02-22 08:06:53 +01:00

HTML5lib is Back. Synced with latest version of HTML5lib, which fixes problem with Astral plane characters. I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer. 2007-05-30 17:45:52 +02:00			`require 'html5lib/sanitizer'`
			`require 'html5lib/html5parser'`
			`require 'html5lib/liberalxmlparser'`
			`include HTML5lib`
Finally! XSS-protection, done right. If you want something done right, ... 2007-02-22 08:06:53 +01:00
HTML5lib is Back. Synced with latest version of HTML5lib, which fixes problem with Astral plane characters. I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer. 2007-05-30 17:45:52 +02:00			`def sanitize_xhtml(html)`
			`XHTMLParser.parseFragment(html, :tokenizer => HTMLSanitizer).to_s`
			`end`
Finally! XSS-protection, done right. If you want something done right, ... 2007-02-22 08:06:53 +01:00
HTML5lib is Back. Synced with latest version of HTML5lib, which fixes problem with Astral plane characters. I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer. 2007-05-30 17:45:52 +02:00			`def sanitize_html(html)`
			`HTMLParser.parseFragment(html, :tokenizer => HTMLSanitizer).to_s`
			`end`
Finally! XSS-protection, done right. If you want something done right, ... 2007-02-22 08:06:53 +01:00
HTML5lib is Back. Synced with latest version of HTML5lib, which fixes problem with Astral plane characters. I should really do some tests, but the HTML5lib Sanitizer seems to be 2-5 times slower than the old sanitizer. 2007-05-30 17:45:52 +02:00			`end`