Plugins - WhiteList


This white-listing helper HTML-encodes every tag that is not on its allow list and strips every attribute that is not specifically allowed for that tag. It also strips href/src attributes whose protocol is not allowed, javascript: especially. It does its best to counter the tricks attackers use to slip past a javascript: filter, such as writing the scheme with unicode, ASCII or hex character references. Check out the extensive test suite.

  <%= white_list @article.body %>

You can add or remove tags/attributes if you want to customize it a bit.

add table tags

  WhiteListHelper.tags += %w(table td th)

remove tags

  WhiteListHelper.tags -= %w(div span)

clear any attributes that are allowed for tags

  WhiteListHelper.attributes['a'] = []

allow a new attribute for the tag

  WhiteListHelper.attributes['img'] += %w(style)

add new tag with attributes

  WhiteListHelper.attributes['table'] = %w(cellpadding cellspacing)

change allowed attributes for all tags

  WhiteListHelper.attributes[nil] = %w(id class style)
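To show how the configuration style above fits together with the tag encoding, attribute stripping and protocol check the description mentions, here is a small stand-alone sanitizer in plain Ruby. It is an added example, not the white_list plugin's own code: the module name `WhiteListDemo`, the method names (`sanitize`, `safe_protocol?`, `decode_entities`) and the default tag/attribute/protocol lists are all assumptions for the example, and the regex-based tokenizer is a deliberate simplification of whatever the plugin uses internally. It mirrors the plugin's configuration shape (`tags`, `attributes` keyed by tag name with `nil` meaning "every tag") and goes a little beyond the text by showing the decoding step that defeats entity-encoded and whitespace-padded `javascript:` schemes.

```ruby
# Added example: a small whitelist sanitizer in plain Ruby that mirrors the
# configuration style of the white_list plugin. This is NOT the plugin's own
# code; WhiteListDemo and its method names are assumptions for the example.
require 'cgi'
require 'strscan'

module WhiteListDemo
  class << self
    attr_accessor :tags, :attributes, :protocols, :protocol_attributes
  end

  # Default policy (constructed for the example): a few tags, per-tag
  # attributes, and attributes allowed on every tag under the nil key.
  self.tags = %w(a b i em strong p br img)
  self.attributes = Hash.new { |h, k| h[k] = [] }
  attributes['a']   = %w(href title)
  attributes['img'] = %w(src alt)
  attributes[nil]   = %w(class)
  self.protocols = %w(http https mailto ftp)
  self.protocol_attributes = %w(href src)

  TAG_RE  = %r{<(/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>}m
  ATTR_RE = /([a-zA-Z][\w:-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/
  NAMED   = { 'amp' => '&', 'lt' => '<', 'gt' => '>', 'quot' => '"', 'apos' => "'" }

  # Walk the input: allowed tags are rebuilt with filtered attributes, every
  # other tag is HTML-encoded so it renders as text, and '>' or a stray '<'
  # in text is encoded as well.
  def self.sanitize(html)
    out = +''
    s = StringScanner.new(html.to_s)
    until s.eos?
      if s.scan(TAG_RE)
        out << rebuild_tag(s[1], s[2].downcase, s[3], s.matched)
      elsif s.scan(/[^<]+/)
        out << s.matched.gsub('>', '&gt;')
      else
        out << '&lt;' # a '<' that never became a tag
        s.getch
      end
    end
    out
  end

  def self.rebuild_tag(closing, name, attrs, raw)
    return CGI.escapeHTML(raw) unless tags.include?(name)
    return "</#{name}>" if closing == '/'
    kept = filter_attributes(name, attrs)
    void = attrs.rstrip.end_with?('/')
    "<#{name}#{kept}#{void ? ' /' : ''}>"
  end

  # Keep an attribute only if it is allowed for this tag (or for all tags);
  # href/src must additionally pass the protocol check on their decoded value.
  def self.filter_attributes(tag, attrs)
    allowed = attributes[tag] + attributes[nil]
    attrs.scan(ATTR_RE).map do |name, dq, sq, bare|
      name = name.downcase
      next unless allowed.include?(name)
      value = decode_entities(dq || sq || bare || '')
      next if protocol_attributes.include?(name) && !safe_protocol?(value)
      %( #{name}="#{CGI.escapeHTML(value)}")
    end.compact.join
  end

  # Decode numeric (decimal/hex, with or without ';') and common named
  # entities, so an obfuscated scheme such as &#106;avascript: is judged on
  # its decoded form rather than on the literal bytes.
  def self.decode_entities(str)
    str.gsub(/&#x([0-9a-f]+);?/i) { codepoint($1.to_i(16)) }
       .gsub(/&#(\d+);?/)         { codepoint($1.to_i) }
       .gsub(/&([a-z]+);/i)       { NAMED[$1.downcase] || $& }
  end

  def self.codepoint(n)
    return '' if n > 0x10FFFF || (0xD800..0xDFFF).cover?(n)
    [n].pack('U')
  end

  # A value with no scheme (a relative URL) passes; one with a scheme must use
  # an allowed protocol. Control characters and whitespace are dropped before
  # the check because browsers ignore them inside a scheme ("jav\tascript:").
  def self.safe_protocol?(value)
    probe = value.gsub(/[\x00-\x20\x7f]/, '').downcase
    return true unless probe =~ /\A([a-z][a-z0-9+.\-]*):/
    protocols.include?($1)
  end
end
```

Customizing the policy works the same way as with the plugin's helper, e.g. `WhiteListDemo.tags += %w(table td)` followed by `WhiteListDemo.attributes['table'] = %w(cellpadding)`; unknown tags are still encoded rather than dropped, and an attribute rejected by the protocol check disappears entirely instead of being rewritten.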

Rick Olson

http://svn.techno-weenie.net/projects/plugins/white_list/

Rails' (MIT)
