antisamy 0.2.1 → 0.3.0

data/lib/antisamy/csspool/rsac/stylesheet.rb

@@ -1,3 +1,3 @@
-require "antisamy/csspool/rsac/stylesheet/stylesheet"
-require "antisamy/csspool/rsac/stylesheet/rule"
-
+require "antisamy/csspool/rsac/stylesheet/stylesheet"
+require "antisamy/csspool/rsac/stylesheet/rule"
+

data/lib/antisamy/csspool/rsac/stylesheet/rule.rb

@@ -1,20 +1,20 @@
-require 'set'
-module RSAC
-  class StyleSheet
-    class Rule
-      include Comparable
-
-      attr_accessor :selector, :properties, :index
-      def initialize(selector, index, properties = [])
-        @selector = selector
-        @properties = Set.new(properties)
-        @index = index
-      end
-
-      def <=>(other)
-        comp = selector.specificity <=> other.selector.specificity
-        comp == 0 ? index <=> other.index : comp
-      end
-    end
-  end
-end
+require 'set'
+module RSAC
+  class StyleSheet
+    class Rule
+      include Comparable
+
+      attr_accessor :selector, :properties, :index
+      def initialize(selector, index, properties = [])
+        @selector = selector
+        @properties = Set.new(properties)
+        @index = index
+      end
+
+      def <=>(other)
+        comp = selector.specificity <=> other.selector.specificity
+        comp == 0 ? index <=> other.index : comp
+      end
+    end
+  end
+end

data/lib/antisamy/csspool/rsac/stylesheet/stylesheet.rb

@@ -1,76 +1,76 @@
-module RSAC
-  class StyleSheet < RSAC::DocumentHandler
-    attr_reader :rules
-
-    def initialize(sac)
-      @sac   = sac
-      @rules = []
-      @current_rules = []
-      @selector_index = 0
-    end
-
-    def start_selector(selectors)
-      selectors.each { |selector|
-        @current_rules << Rule.new(selector, @selector_index)
-      }
-    end
-
-    def end_selector(selectors)
-      @rules += @current_rules
-      @current_rules = []
-      @selector_index += 1
-      reduce!
-    end
-
-    def find_rule(rule)
-      rule = self.create_rule(rule) if rule.is_a?(String)
-      rules.find { |x| x.selector == rule.selector }
-    end
-    alias :[] :find_rule
-
-    def create_rule(rule)
-      Rule.new(@sac.parse_rule(rule).first, @selector_index += 1)
-    end
-
-    def property(name, value, important)
-      @current_rules.each { |selector|
-        selector.properties << [name, value, important]
-      }
-    end
-
-    # Get a hash of rules by property
-    def rules_by_property
-      rules_by_property = Hash.new { |h,k| h[k] = [] }
-      @rules.each { |sel|
-        props = sel.properties.to_a.sort_by { |x| x.hash } # HACK?
-        rules_by_property[props] << sel
-      }
-      rules_by_property
-    end
-
-    def to_css
-      rules_by_property.map do |properties, rules|
-        rules.map { |rule| rule.selector.to_css }.sort.join(', ') + " {\n" +
-          properties.map { |key,value,important|
-            # Super annoying.  If the property is font-family, its supposed to
-            # be commas
-            join_val = ('font-family' == key) ? ', ' : ' '
-            values = [value].flatten.join(join_val)
-            "#{key}:#{values}#{important ? ' !important' : ''};"
-          }.join("\n") + "\n}"
-      end.sort.join("\n")
-    end
-
-    private
-    # Remove duplicate rules
-    def reduce!
-      unique_rules = {}
-      @rules.each do |rule|
-        (unique_rules[rule.selector] ||= rule).properties += rule.properties
-      end
-      @rules = unique_rules.values
-      self
-    end
-  end
-end
-
+module RSAC
+  class StyleSheet < RSAC::DocumentHandler
+    attr_reader :rules
+
+    def initialize(sac)
+      @sac   = sac
+      @rules = []
+      @current_rules = []
+      @selector_index = 0
+    end
+
+    def start_selector(selectors)
+      selectors.each { |selector|
+        @current_rules << Rule.new(selector, @selector_index)
+      }
+    end
+
+    def end_selector(selectors)
+      @rules += @current_rules
+      @current_rules = []
+      @selector_index += 1
+      reduce!
+    end
+
+    def find_rule(rule)
+      rule = self.create_rule(rule) if rule.is_a?(String)
+      rules.find { |x| x.selector == rule.selector }
+    end
+    alias :[] :find_rule
+
+    def create_rule(rule)
+      Rule.new(@sac.parse_rule(rule).first, @selector_index += 1)
+    end
+
+    def property(name, value, important)
+      @current_rules.each { |selector|
+        selector.properties << [name, value, important]
+      }
+    end
+
+    # Get a hash of rules by property
+    def rules_by_property
+      rules_by_property = Hash.new { |h,k| h[k] = [] }
+      @rules.each { |sel|
+        props = sel.properties.to_a.sort_by { |x| x.hash } # HACK?
+        rules_by_property[props] << sel
+      }
+      rules_by_property
+    end
+
+    def to_css
+      rules_by_property.map do |properties, rules|
+        rules.map { |rule| rule.selector.to_css }.sort.join(', ') + " {\n" +
+          properties.map { |key,value,important|
+            # Super annoying.  If the property is font-family, its supposed to
+            # be commas
+            join_val = ('font-family' == key) ? ', ' : ' '
+            values = [value].flatten.join(join_val)
+            "#{key}:#{values}#{important ? ' !important' : ''};"
+          }.join("\n") + "\n}"
+      end.sort.join("\n")
+    end
+
+    private
+    # Remove duplicate rules
+    def reduce!
+      unique_rules = {}
+      @rules.each do |rule|
+        (unique_rules[rule.selector] ||= rule).properties += rule.properties
+      end
+      @rules = unique_rules.values
+      self
+    end
+  end
+end
+

data/lib/antisamy/html/handler.rb

@@ -1,99 +1,112 @@
-module AntiSamy
-
-  class Handler
-
-    attr_accessor :errors
-    def initialize(policy,output) #:nodoc:
-      @document = Nokogiri::HTML::DocumentFragment.parse("")
-      @current_node = @document
-      @policy = policy
-      @preserve_whitespace = @policy.directive(Policy::PRESERVE_SPACE)
-      @errors = []
-      @output_encoding = output
-    end
-
-    # HTML entity encode some text
-    def encode_text(text)
-      return "" if text.nil?
-      @document.encode_special_chars(text)
-    end
-
-    # create a cdata section
-    def cdata(text)
-      node = Nokogiri::XML::CDATA.new(@document,text)
-      @current_node.add_child(node)
-    end
-
-    # create a comment
-    def comment(text) #:nodoc:
-      @current_node.add_child(Nokogiri::XML::Comment.new(@document, text))
-    end
-
-    # create a text node
-    def characters(text)
-      node = @current_node.children.last
-      if node and node.text?
-        node.content += text
-      else
-        @current_node.add_child(Nokogiri::XML::Text.new(text, @document))
-      end
-    end
-
-    # start an element
-    def start_element(name,attributes)
-      if name.eql?("head") or name.eql?("body") or name.eql?("html")
-        return
-      end
-      elem = Nokogiri::XML::Element.new(name, @document)
-      attributes.each do |attrib_pair|
-        elem[attrib_pair.first] = attrib_pair.last
-      end
-      # Special param tag hacking, as libxml/nokogiri doesnt generate an end tag
-      # for param tags it seems
-      if name.eql?("param")
-        inner_html = "<param"
-        attributes.each do |attrib_pair|
-          inner_html<< " #{attrib_pair.first}=\"#{attrib_pair.last}\""
-        end
-        inner_html << "/>"
-        # we create a fake cdata node, add it *and* dont move our parent yet
-        elem = Nokogiri::XML::CDATA.new(@document,inner_html)
-        @current_node.add_child(elem)
-        return
-      end
-      @current_node = @current_node.add_child(elem)
-    end
-
-    #end an element
-    def end_element(name)
-      if @current_node.nil? or !@current_node.name.eql?(name)
-        return
-      end
-      @current_node = @current_node.parent if @current_node.parent
-    end
-
-    # format the output applying any policy rules
-    def document
-      # check some directives
-      indent = 0
-      options = Nokogiri::XML::Node::SaveOptions::NO_EMPTY_TAGS
-      if @policy.directive(Policy::FORMAT_OUTPUT)
-        options |= Nokogiri::XML::Node::SaveOptions::FORMAT
-        indent = 2
-      end
-      if @policy.directive(Policy::OMIT_DOC_TYPE) || @policy.directive(Policy::OMIT_XML_DECL)
-        options |= Nokogiri::XML::Node::SaveOptions::NO_DECLARATION
-      end
-
-      clean = ""
-      if @policy.directive(Policy::USE_XHTML)
-        options |= Nokogiri::XML::Node::SaveOptions::AS_XHTML
-        clean = @document.to_xhtml(:encoding => @output_encoding, :indent=>indent,:save_with=>options)
-      else
-        clean = @document.to_html(:encoding => @output_encoding, :indent=>indent,:save_with=>options)
-      end
-      return clean
-    end
-
-  end
-end
+module AntiSamy
+
+  class Handler
+
+    attr_accessor :errors
+    def initialize(policy,output,fragment = true) #:nodoc:
+      @document = Nokogiri::HTML::DocumentFragment.parse("")
+      @current_node = @document
+      @policy = policy
+      @preserve_whitespace = @policy.directive(Policy::PRESERVE_SPACE)
+      @errors = []
+      @output_encoding = output
+	  @fragment = fragment
+    end
+
+    # HTML entity encode some text
+    def encode_text(text)
+      return "" if text.nil?
+      @document.encode_special_chars(text)
+    end
+
+    # create a cdata section
+    def cdata(text)
+      node = Nokogiri::XML::CDATA.new(@document,text)
+      @current_node.add_child(node)
+    end
+
+    # create a comment
+    def comment(text) #:nodoc:
+      @current_node.add_child(Nokogiri::XML::Comment.new(@document, text))
+    end
+
+    # create a text node
+    def characters(text)
+      node = @current_node.children.last
+      if node and node.text?
+        node.content += text
+      else
+        @current_node.add_child(Nokogiri::XML::Text.new(text, @document))
+      end
+    end
+
+    # start an element
+    def start_element(name,attributes)
+	  if @fragment
+		if name.eql?("head") or name.eql?("body") or name.eql?("html")
+			return
+		end
+	  end
+      elem = Nokogiri::XML::Element.new(name, @document)
+      attributes.each do |attrib_pair|
+        elem[attrib_pair.first] = attrib_pair.last
+      end
+      # Special param tag hacking, as libxml/nokogiri doesnt generate an end tag
+      # for param tags it seems
+      if name.eql?("param")
+        inner_html = "<param"
+        attributes.each do |attrib_pair|
+          inner_html<< " #{attrib_pair.first}=\"#{attrib_pair.last}\""
+        end
+        inner_html << "/>"
+        # we create a fake cdata node, add it *and* dont move our parent yet
+        elem = Nokogiri::XML::CDATA.new(@document,inner_html)
+        @current_node.add_child(elem)
+        return
+      end
+      @current_node = @current_node.add_child(elem)
+    end
+
+    #end an element
+    def end_element(name)
+      if @current_node.nil? or !@current_node.name.eql?(name)
+        return
+      end
+	  if @current_node.children.empty?
+		if @policy.allow_empty?(@current_node.name)
+			@current_node = @current_node.parent if @current_node.parent
+		else
+			tnode = @current_node
+			@current_node = @current_node.parent if @current_node.parent
+			tnode.remove
+		end
+	  else
+		@current_node = @current_node.parent if @current_node.parent
+	  end
+    end
+
+    # format the output applying any policy rules
+    def document
+      # check some directives
+      indent = 0
+      options = Nokogiri::XML::Node::SaveOptions::NO_EMPTY_TAGS
+      if @policy.directive(Policy::FORMAT_OUTPUT)
+        options |= Nokogiri::XML::Node::SaveOptions::FORMAT
+        indent = 2
+      end
+      if @policy.directive(Policy::OMIT_DOC_TYPE) || @policy.directive(Policy::OMIT_XML_DECL)
+        options |= Nokogiri::XML::Node::SaveOptions::NO_DECLARATION
+      end
+
+      clean = ""
+      if @policy.directive(Policy::USE_XHTML)
+        options |= Nokogiri::XML::Node::SaveOptions::AS_XHTML
+        clean = @document.to_xhtml(:encoding => @output_encoding, :indent=>indent,:save_with=>options)
+      else
+        clean = @document.to_html(:encoding => @output_encoding, :indent=>indent,:save_with=>options)
+      end
+      return clean
+    end
+
+  end
+end

data/lib/antisamy/html/sax_filter.rb

@@ -1,302 +1,305 @@
-module AntiSamy
-  # Quick and Dirty Stack class
-  class Stack
-    def initialize
-      @stack = []
-    end
-    # push an emement ont he stack
-    def push(v)
-      @stack.push v
-    end
-    # pop an element off the stack
-    def pop
-      @stack.pop
-    end
-    # size of stack
-    def size
-      @stack.size
-    end
-    # is the stack empty
-    def empty?
-      @stack.empty?
-    end
-    # peek to see what next element is
-    def peek?(v)
-      return false if @stack.empty?
-      return @stack.last.eql?(v)
-    end
-
-    def peek
-      @stack.last
-    end
-
-  end
-
-  class SaxFilter < Nokogiri::XML::SAX::Document
-    def initialize(policy,handler,param_tag)
-      @policy = policy
-      @handler = handler
-      @stack = Stack.new
-      @css_content = nil
-      @css_attributes = nil
-      @css_scanner = CssScanner.new(policy)
-      @param_tag = param_tag
-    end
-
-    def error(text)
-    end
-
-    def warning(text)
-    end
-
-    # Always create a HTML document unless the DECL was set beforehand
-    def start_document
-    end
-
-    # Add a comment block
-    def comment(text)
-      return if text.nil?
-      if @policy.directive(Policy::PRESERVE_COMMENTS) =~ /true/i
-        # Strip out conditional directives
-        text.gsub!(%r{<!?!\[(?:end)?if*\]}ixm,"")
-        text.gsub!(%r{\[(?:if).*\]>},"")
-        @handler.comment(text)
-      end
-    end
-
-    def convert_array(x)
-      if x and x.first.is_a?(Array)
-        return x
-      end
-      i = 0
-      h = []
-      while i < x.size
-        m = []
-        m[0] = x[i]
-        m[1] = x[i+1]
-        h << m
-        i += 2
-      end
-      h
-    end
-
-    def fetch_attribute(array,key)
-      array.each do |pair|
-        if pair.first.eql?(key)
-          return pair.last
-        end
-      end
-      nil
-    end
-
-    # Start an element,
-    def start_element(name, attributes = [])
-      attributes = convert_array(attributes)
-      o_attributes = attributes.dup
-      tag = @policy.tag(name)
-      masquerade = false
-      embed_name = nil
-      embed_value = nil
-      # Handle validate param tag as an embed tag
-      if tag.nil? && @policy.directive(Policy::VALIDATE_P_AS_E) && name.eql?("param")
-        embed = @param_tag
-        if @policy.tag("embed")
-          embed = @policy.tag("embed")
-        end
-        if embed and embed.action == Policy::ACTION_VALIDATE
-          tag = embed
-          masquerade = true
-          embed_name = fetch_attribute(attributes,"name")
-          embed_value = fetch_attribute(attributes,"value")
-          attributes = [ [embed_name,embed_value] ]
-        end
-      end
-      valid_attributes = []
-      if @stack.peek?(:css) or @stack.peek?(:remove)
-        # We are in remove mode to remove this tag as well as any child style elements if css mode
-        @stack.push(:remove)
-      elsif (tag.nil? && @policy.directive(Policy::ON_UNKNOWN_TAG).eql?("encode")) or (!tag.nil? && tag.action.eql?(Policy::ACTION_ENCODE)) or @policy.encode?(name.downcase)
-        tmp = "<#{name}>"
-        @handler.characters(tmp)
-        @stack.push(:filter)
-      elsif tag.nil?
-        # We ignore missing HTML and BODY tags since we are fragment parsing, but the 
-        # Nokogiri HTML::SAX parser injects HTML/BODY if they are missing
-        unless name.eql?("html") or name.eql?("body")
-          @handler.errors << ScanMessage.new(ScanMessage::ERROR_TAG_NOT_IN_POLICY,name)
-        end
-        # Nokogiri work around for a style tag being auto inserted inot head
-        if name.eql?("head")
-          @stack.push(:remove)
-        else
-          @stack.push(:filter)
-        end
-      elsif tag.action.eql?(Policy::ACTION_FILTER)
-        @handler.errors << ScanMessage.new(ScanMessage::ERROR_TAG_FILTERED,name)
-        @stack.push(:filter)
-      elsif tag.action.eql?(Policy::ACTION_VALIDATE)
-        # Handle validation
-        remove_tag = false
-        filter_tag = false
-        is_style = name.include?("style")
-        if is_style
-          @stack.push(:css)
-          @css_content = ''
-          @css_attributes = []
-        else
-          # Validate attributes
-          attributes.each do |pair|
-            a_name = pair.first
-            a_value = pair.last
-            attrib = tag.attribute(a_name.downcase)
-            if attrib.nil?
-              attrib = @policy.global(a_name.downcase)
-            end
-            # check if the attribute is a style
-            if a_name.eql?("style")
-              # Handle Style tags
-               begin
-                 results = @css_scanner.scan_inline(a_value,name,@policy.max_input)
-                 unless result.clean_html.empty?
-                   valid_attributes << [a_name,results.clean_html]
-                 end
-                 @handler.errors << results.messages
-                 @handler.errors.flatten!
-               rescue Exception => e
-                 @handler.errors << ScanMessage.new(ScanMessage::ERROR_CSS_ATTRIBUTE_MALFORMED,name,@handler.encode_text(a_value))
-               end
-            elsif !attrib.nil? # Attribute is not nil lets check it
-              valid = false
-              attrib.values.each do |av|
-                if av.eql?(a_value)
-                  valid_attributes << [a_name,a_value]
-                  valid = true
-                  break
-                end
-              end
-              unless valid
-                attrib.expressions.each do |ae|
-                  mc = ae.match(a_value)
-                  if mc and mc.to_s == a_value
-                    valid_attributes << [a_name,a_value]
-                    valid = true
-                    break
-                  end
-                end
-              end
-              # we check the matches
-              if !valid && attrib.action.eql?(Attribute::ACTION_REMOVE_TAG)
-                @handler.errors << ScanMessage.new(ScanMessage::ERROR_ATTRIBUTE_INVALID_REMOVED,tag.name,@handler.encode_text(a_name),@handler.encode_text(a_value))
-                remove_tag = true
-              elsif !valid && attrib.action.eql?(Attribute::ACTION_FILTER_TAG)
-                @handler.errors << ScanMessage.new(ScanMessage::ERROR_ATTRIBUTE_CAUSE_FILTER,tag.name,@handler.encode_text(a_name),@handler.encode_text(a_value))
-                filter_tag = true
-              elsif !valid
-                @handler.errors << ScanMessage.new(ScanMessage::ERROR_ATTRIBUTE_INVALID,tag.name,@handler.encode_text(a_name),@handler.encode_text(a_value))
-              end
-
-            else # attribute was null
-              @handler.errors << ScanMessage.new(ScanMessage::ERROR_ATTRIBUTE_NOT_IN_POLICY,tag.name,a_name,@handler.encode_text(a_value))
-              if masquerade
-                filter_tag = true
-              end
-            end
-          end # end attirubte loop
-        end
-        if remove_tag
-          @stack.push(:remove)
-        elsif filter_tag
-          @stack.push(:filter)
-        else
-          if name.eql?("a") and @policy.directive(Policy::ANCHROS_NOFOLLOW)
-            valid_attributes << ["rel","nofollow"]
-          end
-          if masquerade
-            valid_attributes = []
-            valid_attributes << ["name",embed_name]
-            valid_attributes << ["value",embed_value]
-          end
-          @stack.push(:keep) unless @stack.peek?(:css)
-        end
-        # End validation action
-      elsif tag.action.eql?(Policy::ACTION_TRUNCATE)
-        @stack.push(:truncate)
-      else
-        @handler.errors << ScanMessage.new(ScanMessage::ERROR_TAG_DISALLOWED,name)
-        @stack.push(:remove)
-      end
-      # We now know wether to keep or truncat this tag
-      if @stack.peek?(:truncate)
-        @handler.start_element(name,[])
-      elsif @stack.peek?(:keep)
-        @handler.start_element(name,valid_attributes)
-      end
-    end
-
-    def start_element_namespace(name,attrs=[],prefix = nil, uri = nil, ns = nil)
-      start_element(name,attrs)
-    end
-
-    def end_element_namespace(name,prefix,uri)
-      end_element(name)
-    end
-
-    # Add character data to the current tag
-    def characters(text)
-      unless text =~ /\S/ # skip whitespace
-        return unless @policy.directive(Policy::PRESERVE_SPACE)
-      end
-      if @stack.peek?(:css)
-        @css_content << text
-      elsif !@stack.peek?(:remove)
-        @handler.characters(text)
-      end
-    end
-
-    # End an elements, will raise an error on a loose tag
-    def end_element(name)
-      if @stack.peek?(:remove)
-        @stack.pop
-      elsif @stack.peek?(:filter)
-        @stack.pop
-      elsif @stack.peek?(:css)
-        @stack.pop
-        # Do css stuff here
-         begin
-           results = @css_scanner.scan_sheet(@css_content,@policy.max_input)
-           @handler.errors << results.messages
-           @handler.errors.flatten!
-           unless results.clean_html.nil? or results.clean_html.empty?
-             @handler.start_element(name,@css_attributes)
-             @handler.characters results.clean_html
-             @handler.end_element(name)
-           else
-             @handler.start_element(name,@css_attributes)
-             @handler.characters "/* */"
-             @handler.end_element(name)             
-           end
-         rescue Exception => e
-           puts e
-           @handler.errors << ScanMessage.new(ScanMessage::ERROR_CSS_TAG_MALFORMED,name,@handler.encode_text(@css_content))
-         ensure
-           @css_content = nil
-           @css_attributes = nil
-         end
-      else
-        @stack.pop
-        @handler.end_element(name)
-      end
-    end
-
-    # Add cdata a cdata block
-    def cdata_block(text)
-      if @stack.peek?(:css)
-        @css_content << text
-      elsif !@stack.peek?(:remove)
-        @handler.characters(text)
-      else
-        @handler.cdata(@handler.encode_text(text)) unless @stack.peek == :remove
-      end
-    end
-  end
-end
+module AntiSamy
+  # Quick and Dirty Stack class
+  class Stack
+    def initialize
+      @stack = []
+    end
+    # push an emement ont he stack
+    def push(v)
+      @stack.push v
+    end
+    # pop an element off the stack
+    def pop
+      @stack.pop
+    end
+    # size of stack
+    def size
+      @stack.size
+    end
+    # is the stack empty
+    def empty?
+      @stack.empty?
+    end
+    # peek to see what next element is
+    def peek?(v)
+      return false if @stack.empty?
+      return @stack.last.eql?(v)
+    end
+
+    def peek
+      @stack.last
+    end
+
+  end
+
+  class SaxFilter < Nokogiri::XML::SAX::Document
+    def initialize(policy,handler,param_tag,fragment = true)
+      @policy = policy
+      @handler = handler
+      @stack = Stack.new
+      @css_content = nil
+      @css_attributes = nil
+      @css_scanner = CssScanner.new(policy)
+      @param_tag = param_tag
+	  @fragment = fragment
+    end
+
+    def error(text)
+    end
+
+    def warning(text)
+    end
+
+    # Always create a HTML document unless the DECL was set beforehand
+    def start_document
+    end
+
+    # Add a comment block
+    def comment(text)
+      return if text.nil?
+      if @policy.directive(Policy::PRESERVE_COMMENTS) =~ /true/i
+        # Strip out conditional directives
+        text.gsub!(%r{<!?!\[(?:end)?if*\]}ixm,"")
+        text.gsub!(%r{\[(?:if).*\]>},"")
+        @handler.comment(text)
+      end
+    end
+
+    def convert_array(x)
+      if x and x.first.is_a?(Array)
+        return x
+      end
+      i = 0
+      h = []
+      while i < x.size
+        m = []
+        m[0] = x[i]
+        m[1] = x[i+1]
+        h << m
+        i += 2
+      end
+      h
+    end
+
+    def fetch_attribute(array,key)
+      array.each do |pair|
+        if pair.first.eql?(key)
+          return pair.last
+        end
+      end
+      nil
+    end
+
+    # Start an element,
+    def start_element(name, attributes = [])
+      attributes = convert_array(attributes)
+      o_attributes = attributes.dup
+      tag = @policy.tag(name)
+      masquerade = false
+      embed_name = nil
+      embed_value = nil
+      # Handle validate param tag as an embed tag
+      if tag.nil? && @policy.directive(Policy::VALIDATE_P_AS_E) && name.eql?("param")
+        embed = @param_tag
+        if @policy.tag("embed")
+          embed = @policy.tag("embed")
+        end
+        if embed and embed.action == Policy::ACTION_VALIDATE
+          tag = embed
+          masquerade = true
+          embed_name = fetch_attribute(attributes,"name")
+          embed_value = fetch_attribute(attributes,"value")
+          attributes = [ [embed_name,embed_value] ]
+        end
+      end
+      valid_attributes = []
+      if @stack.peek?(:css) or @stack.peek?(:remove)
+        # We are in remove mode to remove this tag as well as any child style elements if css mode
+        @stack.push(:remove)
+      elsif (tag.nil? && @policy.directive(Policy::ON_UNKNOWN_TAG).eql?("encode")) or (!tag.nil? && tag.action.eql?(Policy::ACTION_ENCODE)) or @policy.encode?(name.downcase)
+        tmp = "<#{name}>"
+        @handler.characters(tmp)
+        @stack.push(:filter)
+      elsif tag.nil?
+        # We ignore missing HTML and BODY tags since we are fragment parsing, but the 
+        # Nokogiri HTML::SAX parser injects HTML/BODY if they are missing
+        if @fragment
+			unless name.eql?("html") or name.eql?("body")
+				@handler.errors << ScanMessage.new(ScanMessage::ERROR_TAG_NOT_IN_POLICY,name)
+			end
+			# Nokogiri work around for a style tag being auto inserted inot head
+		end
+		if name.eql?("head") && @fragment
+          @stack.push(:remove)
+        else
+          @stack.push(:filter)
+        end
+      elsif tag.action.eql?(Policy::ACTION_FILTER)
+        @handler.errors << ScanMessage.new(ScanMessage::ERROR_TAG_FILTERED,name)
+        @stack.push(:filter)
+      elsif tag.action.eql?(Policy::ACTION_VALIDATE)
+        # Handle validation
+        remove_tag = false
+        filter_tag = false
+        is_style = name.include?("style")
+        if is_style
+          @stack.push(:css)
+          @css_content = ''
+          @css_attributes = []
+        else
+          # Validate attributes
+          attributes.each do |pair|
+            a_name = pair.first
+            a_value = pair.last
+            attrib = tag.attribute(a_name.downcase)
+            if attrib.nil?
+              attrib = @policy.global(a_name.downcase)
+            end
+            # check if the attribute is a style
+            if a_name.eql?("style")
+              # Handle Style tags
+               begin
+                 results = @css_scanner.scan_inline(a_value,name,@policy.max_input)
+                 unless result.clean_html.empty?
+                   valid_attributes << [a_name,results.clean_html]
+                 end
+                 @handler.errors << results.messages
+                 @handler.errors.flatten!
+               rescue Exception => e
+                 @handler.errors << ScanMessage.new(ScanMessage::ERROR_CSS_ATTRIBUTE_MALFORMED,name,@handler.encode_text(a_value))
+               end
+            elsif !attrib.nil? # Attribute is not nil lets check it
+              valid = false
+              attrib.values.each do |av|
+                if av.eql?(a_value)
+                  valid_attributes << [a_name,a_value]
+                  valid = true
+                  break
+                end
+              end
+              unless valid
+                attrib.expressions.each do |ae|
+                  mc = ae.match(a_value)
+                  if mc and mc.to_s == a_value
+                    valid_attributes << [a_name,a_value]
+                    valid = true
+                    break
+                  end
+                end
+              end
+              # we check the matches
+              if !valid && attrib.action.eql?(Attribute::ACTION_REMOVE_TAG)
+                @handler.errors << ScanMessage.new(ScanMessage::ERROR_ATTRIBUTE_INVALID_REMOVED,tag.name,@handler.encode_text(a_name),@handler.encode_text(a_value))
+                remove_tag = true
+              elsif !valid && attrib.action.eql?(Attribute::ACTION_FILTER_TAG)
+                @handler.errors << ScanMessage.new(ScanMessage::ERROR_ATTRIBUTE_CAUSE_FILTER,tag.name,@handler.encode_text(a_name),@handler.encode_text(a_value))
+                filter_tag = true
+              elsif !valid
+                @handler.errors << ScanMessage.new(ScanMessage::ERROR_ATTRIBUTE_INVALID,tag.name,@handler.encode_text(a_name),@handler.encode_text(a_value))
+              end
+
+            else # attribute was null
+              @handler.errors << ScanMessage.new(ScanMessage::ERROR_ATTRIBUTE_NOT_IN_POLICY,tag.name,a_name,@handler.encode_text(a_value))
+              if masquerade
+                filter_tag = true
+              end
+            end
+          end # end attirubte loop
+        end
+        if remove_tag
+          @stack.push(:remove)
+        elsif filter_tag
+          @stack.push(:filter)
+        else
+          if name.eql?("a") and @policy.directive(Policy::ANCHORS_NOFOLLOW)
+            valid_attributes << ["rel","nofollow"]
+          end
+          if masquerade
+            valid_attributes = []
+            valid_attributes << ["name",embed_name]
+            valid_attributes << ["value",embed_value]
+          end
+          @stack.push(:keep) unless @stack.peek?(:css)
+        end
+        # End validation action
+      elsif tag.action.eql?(Policy::ACTION_TRUNCATE)
+        @stack.push(:truncate)
+      else
+        @handler.errors << ScanMessage.new(ScanMessage::ERROR_TAG_DISALLOWED,name)
+        @stack.push(:remove)
+      end
+      # We now know wether to keep or truncat this tag
+      if @stack.peek?(:truncate)
+        @handler.start_element(name,[])
+      elsif @stack.peek?(:keep)
+        @handler.start_element(name,valid_attributes)
+      end
+    end
+
+    def start_element_namespace(name,attrs=[],prefix = nil, uri = nil, ns = nil)
+      start_element(name,attrs)
+    end
+
+    def end_element_namespace(name,prefix,uri)
+      end_element(name)
+    end
+
+    # Add character data to the current tag
+    def characters(text)
+      unless text =~ /\S/ # skip whitespace
+        return unless @policy.directive(Policy::PRESERVE_SPACE)
+      end
+      if @stack.peek?(:css)
+        @css_content << text
+      elsif !@stack.peek?(:remove)
+        @handler.characters(text)
+      end
+    end
+
+    # End an elements, will raise an error on a loose tag
+    def end_element(name)
+      if @stack.peek?(:remove)
+        @stack.pop
+      elsif @stack.peek?(:filter)
+        @stack.pop
+      elsif @stack.peek?(:css)
+        @stack.pop
+        # Do css stuff here
+         begin
+           results = @css_scanner.scan_sheet(@css_content,@policy.max_input)
+           @handler.errors << results.messages
+           @handler.errors.flatten!
+           unless results.clean_html.nil? or results.clean_html.empty?
+             @handler.start_element(name,@css_attributes)
+             @handler.characters results.clean_html
+             @handler.end_element(name)
+           else
+             @handler.start_element(name,@css_attributes)
+             @handler.characters "/* */"
+             @handler.end_element(name)             
+           end
+         rescue Exception => e
+           puts e
+           @handler.errors << ScanMessage.new(ScanMessage::ERROR_CSS_TAG_MALFORMED,name,@handler.encode_text(@css_content))
+         ensure
+           @css_content = nil
+           @css_attributes = nil
+         end
+      else
+        @stack.pop
+        @handler.end_element(name)
+      end
+    end
+
+    # Add cdata a cdata block
+    def cdata_block(text)
+      if @stack.peek?(:css)
+        @css_content << text
+      elsif !@stack.peek?(:remove)
+        @handler.characters(text)
+      else
+        @handler.cdata(@handler.encode_text(text)) unless @stack.peek == :remove
+      end
+    end
+  end
+end