Permalink
Switch branches/tags
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
36 lines (21 sloc) 907 Bytes

Inquisition

Introduction

Inquisition will sanitize HTML as to help avoid cross site scripting attacks! It keeps your strings heresy-free.

How

Inquisition offers you three methods on Object:

cleanse_attr *attributes, options
cleanse_attr_reader *attributes, options
cleanse_attr_writer *attributes, options

These methods will wrap your getters and/or setters for an attribute through a HTML5 Sanitizer. This should help to protect against most kinds of cross site scripting attacks.

For example:

cleanse_attr :name, :allow => {:name => /(<strong>)/}

The above example will clean all values written to or read from the name attribute, but will not remove strong tags.

Installation

sudo gem install thumblemonks-inquisition

Copyright

lib/html5lib_sanitize.rb Copyright © Jacques Distler

Everything else is Copyright © 2009 Alexander Rakoczy. See LICENSE for details.