Objectified version of Technoweenie's white_list plugin for Rails. Implemented as a class, not as a helper.
Ruby
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
lib
test
AUTHORS
CHANGELOG
README
Rakefile
init.rb

README

WhiteList
=========

This White Listing helper will html encode all tags and strip all attributes that aren't specifically allowed.  
It also strips href/src tags with invalid protocols, like javascript: especially.  It does its best to counter any
tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters.  Check out
the extensive test suite.

  <%= white_list @article.body %>

You can add or remove tags/attributes if you want to customize it a bit.

Add table tags
  
  WhiteListHelper.tags.merge %w(table td th)

Remove tags
  
  WhiteListHelper.tags.delete 'div'

Change allowed attributes

  WhiteListHelper.attributes.merge %w(id class style)

white_list accepts a block for custom tag escaping.  Shown below is the default block that white_list uses if none is given.
The block is called for all bad tags, and every text node.  node is an instance of HTML::Node (either HTML::Tag or HTML::Text).  
bad is nil for text nodes inside good tags, or is the tag name of the bad tag.  

  <%= white_list(@article.body) { |node, bad| white_listed_bad_tags.include?(bad) ? nil : node.to_s.gsub(/</, '&lt;') } %>
  
Original plugin website: http://weblog.techno-weenie.net/2006/9/3/white-listing-plugin-for-rails
Original plugin SVN: http://svn.techno-weenie.net/projects/plugins/white_list/