Rename :allow_text config setting to :process_text_nodes. Add docs.

commit f8688ac992c90e82768a8051ed1a274f3f911bb0 1 parent 565fbc5
@rgrove authored
4 HISTORY
@@ -1,7 +1,7 @@
Sanitize History
================================================================================
-Version 1.2.? (git)
+Version 1.2.2 (git)
* The environment hash passed into transformers now includes an
:allowed_elements Hash to facilitate faster lookups when attempting to
determine whether an element is in the whitelist. [Suggested by Nicholas
@@ -9,6 +9,8 @@ Version 1.2.? (git)
* The environment hash passed into transformers now includes a
:whitelist_nodes Array, so transformers now have insight into what nodes
have been whitelisted by other transformers. [Suggested by Nicholas Evans]
+ * Added a :process_text_nodes config setting. If set to true, Sanitize will
+ pass text nodes to transformers. The default is false. [Ardie Saeidi]
* Added a workaround for a bug in Nokogiri 1.4.2 and higher (issue #315) that
causes "</body></html>" to be appended to the CDATA inside unterminated
script and style elements.
8 README.rdoc
@@ -14,7 +14,7 @@ of fragile regular expressions, Sanitize has no trouble dealing with malformed
or maliciously-formed HTML, and will always output valid HTML or XHTML.
*Author*:: Ryan Grove (mailto:ryan@wonko.com)
-*Version*:: 1.2.? (git)
+*Version*:: 1.2.2 (git)
*Copyright*:: Copyright (c) 2010 Ryan Grove. All rights reserved.
*License*:: MIT License (http://opensource.org/licenses/mit-license.php)
*Website*:: http://github.com/rgrove/sanitize
@@ -142,6 +142,11 @@ defaulting to <code>:xhtml</code>.
Character encoding to use for HTML output. Default is <code>'utf-8'</code>.
+==== :process_text_nodes (Boolean)
+
+Whether or not to process text nodes. Enabling this will allow text nodes to be
+processed by transformers. The default is <code>false</code>.
+
==== :protocols (Hash)
URL protocols to allow in specific attributes. If an attribute is listed here
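Review bot: The new :process_text_nodes section does not say what a transformer should expect once the setting is on. With it enabled, transformers are called for text nodes as well as elements, so the docs should say so and advise checking the node type before touching element-only properties such as attributes. A short pointer to the transformer section of this README would also help readers find an example.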
@@ -318,6 +323,7 @@ or ideas that later became code:
* Mutwin Kraus <mutle@blogage.de>
* Dev Purkayastha <dev.purkayastha@gmail.com>
* David Reese <work@whatcould.com>
+* Ardie Saeidi <ardalan.saeidi@gmail.com>
* Rafael Souza <me@rafaelss.com>
* Ben Wanicur <bwanicur@verticalresponse.com>
2  lib/sanitize.rb
@@ -138,7 +138,7 @@ def clean_node!(node)
@whitelist_nodes = []
node.traverse do |child|
- if child.element? || (child.text? && @config[:allow_text])
+ if child.element? || (child.text? && @config[:process_text_nodes])
clean_element!(child)
elsif child.comment?
child.unlink unless @config[:allow_comments]
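Review bot: On the changed condition, text nodes are still handed to clean_element!, a method whose name suggests it was written for elements. Its body is not part of this diff, so please confirm that any element-specific steps in it behave sensibly when child.text? is true, or give text nodes their own branch that only runs the transformers.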
19 lib/sanitize/config.rb
@@ -1,16 +1,16 @@
#--
# Copyright (c) 2010 Ryan Grove <ryan@wonko.com>
-#
+#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the 'Software'), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
-#
+#
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
-#
+#
# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
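Review bot: The three changed "#" lines in the license header differ only in whitespace, which is unrelated to the setting rename and adds noise to the diff and to blame output. Consider dropping them from this commit and doing whitespace cleanup separately; the same applies to the blank line changed under DEFAULT = { in the next hunk.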
@@ -23,7 +23,7 @@
class Sanitize
module Config
DEFAULT = {
-
+
# Whether or not to allow HTML comments. Allowing comments is strongly
# discouraged, since IE allows script execution within conditional
# comments.
@@ -48,6 +48,10 @@ module Config
# Character encoding to use for HTML output. Default is 'utf-8'.
:output_encoding => 'utf-8',
+ # Whether or not to process text nodes. Enabling this will allow text
+ # nodes to be processed by transformers.
+ :process_text_nodes => false,
+
# URL handling protocols to allow in specific attributes. By default, no
# protocols are allowed. Use :relative in place of a protocol if you want
# to allow relative URLs sans protocol.
@@ -65,11 +69,8 @@ module Config
# Transformers allow you to filter or alter nodes using custom logic. See
# README.rdoc for details and examples.
- :transformers => [],
-
- # Whether or not to allow processing of text nodes. Allow only if you need to
- # apply transforms to text.
- :allow_text => false
+ :transformers => []
+
}
end
end
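Review bot: Removing :allow_text with no fallback means a caller who still passes :allow_text => true will, as far as this diff shows, get no warning and no text-node processing, since the traversal now reads only @config[:process_text_nodes]. If :allow_text ever reached users, consider honouring it for one release with a deprecation warning, or rejecting the unknown key. The removed comment also carried the advice "Allow only if you need to apply transforms to text", which the new :process_text_nodes comment no longer gives; it is worth keeping.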
18 test/spec_sanitize.rb
@@ -362,7 +362,7 @@
# (<object>).
{:whitelist_nodes => [node, parent]}
end
-
+
# Text transform.
# Example of transforming text nodes.
text_transform = lambda do |env|
@@ -439,18 +439,18 @@
Sanitize.clean!('<b>foo</b>', :transformers => lambda {|env| 'hello' })
end
end
-
- should 'allow processing of text nodes' do
+
+ should 'processing text nodes when :process_text_nodes is true' do
input = "foo"
output = "<p>foo</p>"
-
- Sanitize.clean(input, :allow_text => true, :transformers => text_transform).should.equal(output)
+
+ Sanitize.clean(input, :process_text_nodes => true, :transformers => text_transform).should.equal(output)
end
-
- should 'not allow processing of text nodes' do
+
+ should 'not process text nodes by default' do
input = "foo"
-
- Sanitize.clean(input, :allow_text => false, :transformers => text_transform).should.equal(input)
+
+ Sanitize.clean(input, :transformers => text_transform).should.equal(input)
end
end
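Review bot: The renamed spec reads "should processing text nodes when :process_text_nodes is true"; "process text nodes when :process_text_nodes is true" would match the phrasing of the other spec names. The second spec now covers only the default, so an explicit :process_text_nodes => false case is no longer exercised; consider keeping one assertion for it. The remaining blank-line changes in this hunk are whitespace-only and could be left out.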