2007-02-22 08:06:53 +01:00
|
|
|
module Sanitize
|
|
|
|
|
2007-05-30 17:45:52 +02:00
|
|
|
# This module provides sanitization of XHTML+MathML+SVG
|
2007-02-22 08:06:53 +01:00
|
|
|
# and of inline style attributes.
|
|
|
|
#
|
2007-05-30 17:45:52 +02:00
|
|
|
# Uses the HTML5lib parser, so that the parsing behaviour should
|
|
|
|
# resemble that of browsers.
|
|
|
|
#
|
|
|
|
# sanitize_xhtml() is a case-sensitive sanitizer, suitable for XHTML
|
|
|
|
# sanitize_html() is a case-insensitive sanitizer suitable for HTML
|
2007-06-05 23:34:49 +02:00
|
|
|
# sanitize_rexml() sanitized a REXML tree, returning a string
|
2007-02-22 08:06:53 +01:00
|
|
|
|
|
|
|
|
2007-05-30 17:45:52 +02:00
|
|
|
require 'html5lib/html5parser'
|
|
|
|
require 'html5lib/liberalxmlparser'
|
2007-06-05 23:34:49 +02:00
|
|
|
require 'html5lib/treewalkers'
|
2007-06-08 08:23:09 +02:00
|
|
|
require 'html5lib/treebuilders'
|
2007-06-05 23:34:49 +02:00
|
|
|
require 'html5lib/serializer'
|
|
|
|
require 'string_utils'
|
|
|
|
require 'html5lib/sanitizer'
|
|
|
|
|
2007-05-30 17:45:52 +02:00
|
|
|
include HTML5lib
|
2007-02-22 08:06:53 +01:00
|
|
|
|
2007-06-08 08:23:09 +02:00
|
|
|
# Sanitize a string, parsed using XHTML parsing rules.
|
|
|
|
#
|
|
|
|
# :call-seq:
|
|
|
|
# sanitize_xhtml(string) -> string
|
|
|
|
# sanitize_xhtml(string, {:encoding => 'iso-8859-1', :to_tree => true}) -> REXML::Document
|
|
|
|
#
|
|
|
|
# Unless otherwise specified, the string is assumed to be utf-8 encoded.
|
|
|
|
# By default, the output is a string. But, optionally, you can return a REXML tree.
|
|
|
|
def sanitize_xhtml(html, options = {})
|
|
|
|
@encoding = 'utf-8'
|
|
|
|
@treebuilder = TreeBuilders::REXML::TreeBuilder
|
|
|
|
@to_tree = false
|
|
|
|
options.each do |name, value|
|
|
|
|
next unless %w(encoding treebuilder to_tree).include? name.to_s
|
|
|
|
if name.to_s == 'treebuilder'
|
|
|
|
@treebuilder = HTML5lib::TreeBuilders.getTreeBuilder(value)
|
|
|
|
else
|
|
|
|
instance_variable_set("@#{name}", value)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
parsed = XHTMLParser.parseFragment(html.to_ncr, {:tokenizer => HTMLSanitizer,
|
|
|
|
:encoding => @encoding, :tree => @treebuilder })
|
|
|
|
return parsed if @to_tree
|
|
|
|
return parsed.to_s
|
2007-05-30 17:45:52 +02:00
|
|
|
end
|
2007-02-22 08:06:53 +01:00
|
|
|
|
2007-06-08 08:23:09 +02:00
|
|
|
# Sanitize a string, parsed using HTML parsing rules.
|
|
|
|
#
|
|
|
|
# :call-seq:
|
|
|
|
# sanitize_html(string) -> string
|
|
|
|
# sanitize_html(string, {:encoding => 'iso-8859-1', :to_tree => true}) -> REXML::Document
|
|
|
|
#
|
|
|
|
# Unless otherwise specified, the string is assumed to be utf-8 encoded.
|
|
|
|
# By default, the output is a string. But, optionally, you can return a REXML tree.
|
|
|
|
def sanitize_html(html, options = {})
|
|
|
|
@encoding = 'utf-8'
|
|
|
|
@treebuilder = TreeBuilders::REXML::TreeBuilder
|
|
|
|
@to_tree = false
|
|
|
|
options.each do |name, value|
|
|
|
|
next unless %w(encoding treebuilder to_tree).include? name.to_s
|
|
|
|
if name.to_s == 'treebuilder'
|
|
|
|
@treebuilder = HTML5lib::TreeBuilders.getTreeBuilder(value)
|
|
|
|
else
|
|
|
|
instance_variable_set("@#{name}", value)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
parsed = HTMLParser.parseFragment(html.to_ncr, {:tokenizer => HTMLSanitizer,
|
|
|
|
:encoding => @encoding, :tree => @treebuilder })
|
|
|
|
return parsed if @to_tree
|
|
|
|
return parsed.to_s
|
2007-05-30 17:45:52 +02:00
|
|
|
end
|
2007-02-22 08:06:53 +01:00
|
|
|
|
2007-06-08 08:23:09 +02:00
|
|
|
# Sanitize a REXML tree. The output is a string.
|
|
|
|
#
|
|
|
|
# :call-seq:
|
|
|
|
# sanitize_rexml(tree) -> string
|
|
|
|
#
|
2007-06-05 23:34:49 +02:00
|
|
|
def sanitize_rexml(tree)
|
|
|
|
tokens = TreeWalkers.getTreeWalker('rexml').new(tree.to_ncr)
|
|
|
|
HTMLSerializer.serialize(tokens, {:encoding=>'utf-8',
|
2007-06-06 01:06:26 +02:00
|
|
|
:quote_attr_values => true,
|
|
|
|
:minimize_boolean_attributes => false,
|
|
|
|
:use_trailing_solidus => true,
|
|
|
|
:space_before_trailing_solidus => true,
|
|
|
|
:omit_optional_tags => false,
|
|
|
|
:inject_meta_charset => false,
|
|
|
|
:sanitize => true})
|
2007-06-05 23:34:49 +02:00
|
|
|
end
|
2007-05-30 17:45:52 +02:00
|
|
|
end
|