html_sanitize_ex v1.4.3

HtmlSanitizeEx.Scrubber.NoScrub (html_sanitize_ex v1.4.3) View Source

Scrubs neither tags, nor their attributes.

This meant for testing purposes and as a template for your own scrubber.

Link to this section Summary

Functions

before_scrub(html)

Can be used to preprocess the given +html+ String before it is scrubbed.

scrub(text)

Scrubs its argument. Possible arguments are the following.

scrub_attribute(tag, attribute)

Scrubs a single attribute for a given tag.

Link to this section Functions

Link to this function

before_scrub(html)

View Source

Can be used to preprocess the given +html+ String before it is scrubbed.

Link to this function

scrub(text)

View Source

Scrubs its argument. Possible arguments are the following.

  • A single tag given its attributes and children: {tag, attributes, children}. In this case calls scrub_attribute/2 to scrub individual attributes.
  • Tokens like comments and doctypes: {_token, children}.
  • A text node.
Link to this function

scrub_attribute(tag, attribute)

View Source

Scrubs a single attribute for a given tag.

You can utilize scrub_attribute to write custom matchers so you can sanitize specific attributes of specific tags:

As an example, if you only want to allow href attribute with the "http" and "https" protocols, you could implement it like this:

def scrub_attribute("a", {"href", "http" <> target}) do
  {"href", "http" <> target}
end

def scrub_attribute("a", {"href", _}) do
  nil
end