glebm-sanitize 1.2.1.1

data/HISTORY

@@ -0,0 +1,90 @@
+Sanitize History
+================================================================================
+
+Version 1.2.1 (2010-04-20)
+  * Added a :remove_contents config setting. If set to true, Sanitize will
+    remove the contents of all non-whitelisted elements in addition to the
+    elements themselves. If set to an Array of element names, Sanitize will
+    remove the contents of only those elements (when filtered), and leave the
+    contents of other filtered elements. [Thanks to Rafael Souza for the Array
+    option]
+  * Added an :output_encoding config setting to allow the character encoding for
+    HTML output to be specified. The default is 'utf-8'.
+  * The environment hash passed into transformers now includes a :node_name item
+    containing the lowercase name of the current HTML node (e.g. "div").
+  * Returning anything other than a Hash or nil from a transformer will now
+    raise a meaningful Sanitize::Error exception rather than an unintended
+    NameError.
+
+Version 1.2.0 (2010-01-17)
+  * Requires Nokogiri ~> 1.4.1.
+  * Added support for transformers, which allow you to filter and alter nodes
+    using your own custom logic, on top of (or instead of) Sanitize's core
+    filter. See the README for details and examples.
+  * Added Sanitize.clean_node!, which sanitizes a Nokogiri::XML::Node and all
+    its children.
+  * Added elements <h1> through <h6> to the Relaxed whitelist. [Suggested by
+    David Reese]
+
+Version 1.1.0 (2009-10-11)
+  * Migrated from Hpricot to Nokogiri. Requires libxml2 >= 2.7.2 [Adam Hooper]
+  * Added an :output config setting to allow the output format to be specified.
+    Supported formats are :xhtml (the default) and :html (which outputs HTML4).
+  * Changed protocol regex to ensure Sanitize doesn't kill URLs with colons in 
+    path segments. [Peter Cooper]
+
+Version 1.0.8 (2009-04-23)
+  * Added a workaround for an Hpricot bug that prevents attribute names from
+    being downcased in recent versions of Hpricot. This was exploitable to
+    prevent non-whitelisted protocols from being cleaned. [Reported by Ben
+    Wanicur]
+
+Version 1.0.7 (2009-04-11)
+  * Requires Hpricot 0.8.1+, which is finally compatible with Ruby 1.9.1.
+  * Fixed a bug that caused named character entities containing digits (like
+    &sup2;) to be escaped when they shouldn't have been. [Reported by Sebastian
+    Steinmetz]
+
+Version 1.0.6 (2009-02-23)
+  * Removed htmlentities gem dependency.
+  * Existing well-formed character entity references in the input string are now
+    preserved rather than being decoded and re-encoded.
+  * The ' character is now encoded as &#39; instead of &apos; to prevent
+    problems in IE6.
+  * You can now specify the symbol :all in place of an element name in the
+    attributes config hash to allow certain attributes on all elements. [Thanks
+    to Mutwin Kraus]
+
+Version 1.0.5 (2009-02-05)
+  * Fixed a bug introduced in version 1.0.3 that prevented non-whitelisted
+    protocols from being cleaned when relative URLs were allowed. [Reported by
+    Dev Purkayastha]
+  * Fixed "undefined method `parent='" exceptions caused by parser changes in
+    edge Hpricot.
+
+Version 1.0.4 (2009-01-16)
+  * Fixed a bug that made it possible to sneak a non-whitelisted element through
+    by repeating it several times in a row. All versions of Sanitize prior to
+    1.0.4 are vulnerable. [Reported by Cristobal]
+
+Version 1.0.3 (2009-01-15)
+  * Fixed a bug whereby incomplete Unicode or hex entities could be used to
+    prevent non-whitelisted protocols from being cleaned. Since IE6 and Opera
+    still decode the incomplete entities, users of those browsers may be
+    vulnerable to malicious script injection on websites using versions of
+    Sanitize prior to 1.0.3.
+
+Version 1.0.2 (2009-01-04)
+  * Fixed a bug that caused an exception to be thrown when parsing a valueless
+    attribute that's expected to contain a URL.
+
+Version 1.0.1 (2009-01-01)
+  * You can now specify :relative in a protocol config array to allow attributes
+    containing relative URLs with no protocol. The Basic and Relaxed configs
+    have been updated to allow relative URLs.
+  * Added a workaround for an Hpricot bug that causes HTML entities for
+    non-ASCII characters to be replaced by question marks, and all other
+    entities to be destructively decoded.
+
+Version 1.0.0 (2008-12-25)
+  * First release.

data/LICENSE

@@ -0,0 +1,18 @@
+Copyright (c) 2010 Ryan Grove <ryan@wonko.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the 'Software'), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,334 @@
+= Sanitize
+
+Sanitize is a whitelist-based HTML sanitizer. Given a list of acceptable
+elements and attributes, Sanitize will remove all unacceptable HTML from a
+string.
+
+Using a simple configuration syntax, you can tell Sanitize to allow certain
+elements, certain attributes within those elements, and even certain URL
+protocols within attributes that contain URLs. Any HTML elements or attributes
+that you don't explicitly allow will be removed.
+
+Because it's based on Nokogiri, a full-fledged HTML parser, rather than a bunch
+of fragile regular expressions, Sanitize has no trouble dealing with malformed
+or maliciously-formed HTML, and will always output valid HTML or XHTML.
+
+*Author*::    Ryan Grove (mailto:ryan@wonko.com)
+*Version*::   1.2.1 (2010-04-20)
+*Copyright*:: Copyright (c) 2010 Ryan Grove. All rights reserved.
+*License*::   MIT License (http://opensource.org/licenses/mit-license.php)
+*Website*::   http://github.com/rgrove/sanitize
+
+== Requires
+
+* Nokogiri ~> 1.4.1
+* libxml2 >= 2.7.2
+
+== Installation
+
+Latest stable release:
+
+  gem install sanitize
+
+Latest development version:
+
+  gem install sanitize --pre
+
+== Usage
+
+If you don't specify any configuration options, Sanitize will use its strictest
+settings by default, which means it will strip all HTML and leave only text
+behind.
+
+  require 'rubygems'
+  require 'sanitize'
+
+  html = '<b><a href="http://foo.com/">foo</a></b><img src="http://foo.com/bar.jpg" />'
+
+  Sanitize.clean(html) # => 'foo'
+
+== Configuration
+
+In addition to the ultra-safe default settings, Sanitize comes with three other
+built-in modes.
+
+=== Sanitize::Config::RESTRICTED
+
+Allows only very simple inline formatting markup. No links, images, or block
+elements.
+
+  Sanitize.clean(html, Sanitize::Config::RESTRICTED) # => '<b>foo</b>'
+
+=== Sanitize::Config::BASIC
+
+Allows a variety of markup including formatting tags, links, and lists. Images
+and tables are not allowed, links are limited to FTP, HTTP, HTTPS, and mailto
+protocols, and a <code>rel="nofollow"</code> attribute is added to all links to
+mitigate SEO spam.
+
+  Sanitize.clean(html, Sanitize::Config::BASIC)
+  # => '<b><a href="http://foo.com/" rel="nofollow">foo</a></b>'
+
+=== Sanitize::Config::RELAXED
+
+Allows an even wider variety of markup than BASIC, including images and tables.
+Links are still limited to FTP, HTTP, HTTPS, and mailto protocols, while images
+are limited to HTTP and HTTPS. In this mode, <code>rel="nofollow"</code> is not
+added to links.
+
+  Sanitize.clean(html, Sanitize::Config::RELAXED)
+  # => '<b><a href="http://foo.com/">foo</a></b><img src="http://foo.com/bar.jpg" />'
+
+=== Custom Configuration
+
+If the built-in modes don't meet your needs, you can easily specify a custom
+configuration:
+
+  Sanitize.clean(html, :elements => ['a', 'span'],
+      :attributes => {'a' => ['href', 'title'], 'span' => ['class']},
+      :protocols => {'a' => {'href' => ['http', 'https', 'mailto']}})
+
+==== :add_attributes (Hash)
+
+Attributes to add to specific elements. If the attribute already exists, it will
+be replaced with the value specified here. Specify all element names and
+attributes in lowercase.
+
+  :add_attributes => {
+    'a' => {'rel' => 'nofollow'}
+  }
+
+==== :attributes (Hash)
+
+Attributes to allow for specific elements. Specify all element names and
+attributes in lowercase.
+
+  :attributes => {
+    'a'          => ['href', 'title'],
+    'blockquote' => ['cite'],
+    'img'        => ['alt', 'src', 'title']
+  }
+
+If you'd like to allow certain attributes on all elements, use the symbol
+<code>:all</code> instead of an element name.
+
+  :attributes => {
+    :all => ['class'],
+    'a'  => ['href', 'title']
+  }
+
+==== :allow_comments (boolean)
+
+Whether or not to allow HTML comments. Allowing comments is strongly
+discouraged, since IE allows script execution within conditional comments. The
+default value is <code>false</code>.
+
+==== :elements (Array)
+
+Array of element names to allow. Specify all names in lowercase.
+
+  :elements => [
+    'a', 'b', 'blockquote', 'br', 'cite', 'code', 'dd', 'dl', 'dt', 'em',
+    'i', 'li', 'ol', 'p', 'pre', 'q', 'small', 'strike', 'strong', 'sub',
+    'sup', 'u', 'ul'
+  ]
+
+==== :output (Symbol)
+
+Output format. Supported formats are <code>:html</code> and <code>:xhtml</code>,
+defaulting to <code>:xhtml</code>.
+
+==== :output_encoding (String)
+
+Character encoding to use for HTML output. Default is <code>'utf-8'</code>.
+
+==== :protocols (Hash)
+
+URL protocols to allow in specific attributes. If an attribute is listed here
+and contains a protocol other than those specified (or if it contains no
+protocol at all), it will be removed.
+
+  :protocols => {
+    'a'   => {'href' => ['ftp', 'http', 'https', 'mailto']},
+    'img' => {'src'  => ['http', 'https']}
+  }
+
+If you'd like to allow the use of relative URLs which don't have a protocol,
+include the symbol <code>:relative</code> in the protocol array:
+
+  :protocols => {
+    'a' => {'href' => ['http', 'https', :relative]}
+  }
+
+==== :remove_contents (boolean or Array)
+
+If set to +true+, Sanitize will remove the contents of any non-whitelisted
+elements in addition to the elements themselves. By default, Sanitize leaves the
+safe parts of an element's contents behind when the element is removed.
+
+If set to an Array of element names, then only the contents of the specified
+elements (when filtered) will be removed, and the contents of all other filtered
+elements will be left behind.
+
+The default value is <code>false</code>.
+
+==== :transformers
+
+See below.
+
+=== Transformers
+
+Transformers allow you to filter and alter nodes using your own custom logic, on
+top of (or instead of) Sanitize's core filter. A transformer is any object that
+responds to <code>call()</code> (such as a lambda or proc) and returns either
+<code>nil</code> or a Hash containing certain optional response values.
+
+To use one or more transformers, pass them to the <code>:transformers</code>
+config setting:
+
+  Sanitize.clean(html, :transformers => [transformer_one, transformer_two])
+
+==== Input
+
+Each registered transformer's <code>call()</code> method will be called once for
+each element node in the HTML, and will receive as an argument an environment
+Hash that contains the following items:
+
+[<code>:config</code>]
+  The current Sanitize configuration Hash.
+
+[<code>:node</code>]
+  A Nokogiri::XML::Node object representing an HTML element.
+
+[<code>:node_name</code>]
+  The name of the current HTML node, always lowercase (e.g. "div" or "span").
+
+==== Processing
+
+Each transformer has full access to the Nokogiri::XML::Node that's passed into
+it and to the rest of the document via the node's <code>document()</code>
+method. Any changes will be reflected instantly in the document and passed on to
+subsequently-called transformers and to Sanitize itself. A transformer may even
+call Sanitize internally to perform custom sanitization if needed.
+
+Nodes are passed into transformers in the order in which they're traversed. It's
+important to note that Nokogiri traverses markup from the deepest node upward,
+not from the first node to the last node:
+
+  html        = '<div><span>foo</span></div>'
+  transformer = lambda{|env| puts env[:node].name }
+
+  # Prints "span", then "div".
+  Sanitize.clean(html, :transformers => transformer)
+
+Transformers have a tremendous amount of power, including the power to
+completely bypass Sanitize's built-in filtering. Be careful!
+
+==== Output
+
+A transformer may return either +nil+ or a Hash. A return value of +nil+
+indicates that the transformer does not wish to act on the current node in any
+way. A returned Hash may contain the following items, all of which are optional:
+
+[<code>:attr_whitelist</code>]
+  Array of attribute names to add to the whitelist for the current node, in
+  addition to any whitelisted attributes already defined in the current config.
+
+[<code>:node</code>]
+  A Nokogiri::XML::Node object that should replace the current node. All
+  subsequent transformers and Sanitize itself will receive this new node.
+
+[<code>:whitelist</code>]
+  If _true_, the current node (and only the current node) will be whitelisted,
+  regardless of the current Sanitize config.
+
+[<code>:whitelist_nodes</code>]
+  Array of specific Nokogiri::XML::Node objects to whitelist, anywhere in the
+  document, regardless of the current Sanitize config.
+
+==== Example: Transformer to whitelist YouTube video embeds
+
+The following example demonstrates how to create a Sanitize transformer that
+will safely whitelist valid YouTube video embeds without having to blindly allow
+other kinds of embedded content, which would be the case if you tried to do this
+by just whitelisting all <code><object></code>, <code><embed></code>, and
+<code><param></code> elements:
+
+  lambda do |env|
+    node      = env[:node]
+    node_name = env[:node_name]
+    parent    = node.parent
+
+    # Since the transformer receives the deepest nodes first, we look for a
+    # <param> element or an <embed> element whose parent is an <object>.
+    return nil unless (node_name == 'param' || node_name == 'embed') &&
+        parent.name.to_s.downcase == 'object'
+
+    if node_name == 'param'
+      # Quick XPath search to find the <param> node that contains the video URL.
+      return nil unless movie_node = parent.search('param[@name="movie"]')[0]
+      url = movie_node['value']
+    else
+      # Since this is an <embed>, the video URL is in the "src" attribute. No
+      # extra work needed.
+      url = node['src']
+    end
+
+    # Verify that the video URL is actually a valid YouTube video URL.
+    return nil unless url =~ /^http:\/\/(?:www\.)?youtube\.com\/v\//
+
+    # We're now certain that this is a YouTube embed, but we still need to run
+    # it through a special Sanitize step to ensure that no unwanted elements or
+    # attributes that don't belong in a YouTube embed can sneak in.
+    Sanitize.clean_node!(parent, {
+      :elements   => ['embed', 'object', 'param'],
+      :attributes => {
+        'embed'  => ['allowfullscreen', 'allowscriptaccess', 'height', 'src', 'type', 'width'],
+        'object' => ['height', 'width'],
+        'param'  => ['name', 'value']
+      }
+    })
+
+    # Now that we're sure that this is a valid YouTube embed and that there are
+    # no unwanted elements or attributes hidden inside it, we can tell Sanitize
+    # to whitelist the current node (<param> or <embed>) and its parent
+    # (<object>).
+    {:whitelist_nodes => [node, parent]}
+  end
+
+== Contributors
+
+The following lovely people have contributed to Sanitize in the form of patches
+or ideas that later became code:
+
+* Wilson Bilkovich <wilson@supremetyrant.com>
+* Peter Cooper <git@peterc.org>
+* Gabe da Silveira <gabe@websaviour.com>
+* Ryan Grove <ryan@wonko.com>
+* Adam Hooper <adam@adamhooper.com>
+* Mutwin Kraus <mutle@blogage.de>
+* Dev Purkayastha <dev.purkayastha@gmail.com>
+* David Reese <work@whatcould.com>
+* Rafael Souza <me@rafaelss.com>
+* Ben Wanicur <bwanicur@verticalresponse.com>
+
+== License
+
+Copyright (c) 2010 Ryan Grove <ryan@wonko.com>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the 'Software'), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of
+the Software, and to permit persons to whom the Software is furnished to do so,
+subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS
+FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR
+COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER
+IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
+CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/lib/sanitize.rb

@@ -0,0 +1,247 @@
+# encoding: utf-8
+#--
+# Copyright (c) 2010 Ryan Grove <ryan@wonko.com>
+#
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the 'Software'), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#++
+
+require 'nokogiri'
+require 'sanitize/version'
+require 'sanitize/config'
+require 'sanitize/config/restricted'
+require 'sanitize/config/basic'
+require 'sanitize/config/relaxed'
+
+class Sanitize
+  attr_reader :config
+
+  # Matches an attribute value that could be treated by a browser as a URL
+  # with a protocol prefix, such as "http:" or "javascript:". Any string of zero
+  # or more characters followed by a colon is considered a match, even if the
+  # colon is encoded as an entity and even if it's an incomplete entity (which
+  # IE6 and Opera will still parse).
+  REGEX_PROTOCOL = /^([A-Za-z0-9\+\-\.\&\;\#\s]*?)(?:\:|&#0*58|&#x0*3a)/i
+
+  #--
+  # Class Methods
+  #++
+
+  # Returns a sanitized copy of _html_, using the settings in _config_ if
+  # specified.
+  def self.clean(html, config = {})
+    sanitize = Sanitize.new(config)
+    sanitize.clean(html)
+  end
+
+  # Performs Sanitize#clean in place, returning _html_, or +nil+ if no changes
+  # were made.
+  def self.clean!(html, config = {})
+    sanitize = Sanitize.new(config)
+    sanitize.clean!(html)
+  end
+
+  # Sanitizes the specified Nokogiri::XML::Node and all its children.
+  def self.clean_node!(node, config = {})
+    sanitize = Sanitize.new(config)
+    sanitize.clean_node!(node)
+  end
+
+  #--
+  # Instance Methods
+  #++
+
+  # Returns a new Sanitize object initialized with the settings in _config_.
+  def initialize(config = {})
+    # Sanitize configuration.
+    @config = Config::DEFAULT.merge(config)
+    @config[:transformers] = Array(@config[:transformers].dup)
+
+    # Convert the list of allowed elements to a Hash for faster lookup.
+    @allowed_elements = {}
+    @config[:elements].each {|el| @allowed_elements[el] = true }
+
+    # Convert the list of :remove_contents elements to a Hash for faster lookup.
+    @remove_all_contents     = false
+    @remove_element_contents = {}
+
+    if @config[:remove_contents].is_a?(Array)
+      @config[:remove_contents].each {|el| @remove_element_contents[el] = true }
+    else
+      @remove_all_contents = !!@config[:remove_contents]
+    end
+
+    # Specific nodes to whitelist (along with all their attributes). This array
+    # is generated at runtime by transformers, and is cleared before and after
+    # a fragment is cleaned (so it applies only to a specific fragment).
+    @whitelist_nodes = []
+  end
+
+  # Returns a sanitized copy of _html_.
+  def clean(html)
+    if html
+      dupe = html.dup
+      clean!(dupe) || dupe
+    end
+  end
+
+  # Performs clean in place, returning _html_, or +nil+ if no changes were
+  # made.
+  def clean!(html)
+    fragment = Nokogiri::HTML::DocumentFragment.parse(html)
+    clean_node!(fragment)
+
+    output_method_params = {:encoding => @config[:output_encoding], :indent => 0}
+
+    if @config[:output] == :xhtml
+      output_method = fragment.method(:to_xhtml)
+      output_method_params[:save_with] = Nokogiri::XML::Node::SaveOptions::AS_XHTML
+    elsif @config[:output] == :html
+      output_method = fragment.method(:to_html)
+    else
+      raise Error, "unsupported output format: #{@config[:output]}"
+    end
+
+    result = output_method.call(output_method_params)
+
+    return result == html ? nil : html[0, html.length] = result
+  end
+
+  # Sanitizes the specified Nokogiri::XML::Node and all its children.
+  def clean_node!(node)
+    raise ArgumentError unless node.is_a?(Nokogiri::XML::Node)
+
+    @whitelist_nodes = []
+
+    node.traverse do |child|
+      if child.element?
+        clean_element!(child)
+      elsif child.comment?
+        child.unlink unless @config[:allow_comments]
+      elsif child.cdata?
+        child.replace(Nokogiri::XML::Text.new(child.text, child.document))
+      end
+    end
+
+    @whitelist_nodes = []
+
+    node
+  end
+
+  private
+
+  def clean_element!(node)
+    # Run this node through all configured transformers.
+    transform = transform_element!(node)
+
+    # If this node is in the dynamic whitelist array (built at runtime by
+    # transformers), let it live with all of its attributes intact.
+    return if @whitelist_nodes.include?(node)
+
+    name = node.name.to_s.downcase
+
+    # Delete any element that isn't in the whitelist.
+    unless transform[:whitelist] || @allowed_elements[name]
+      unless @remove_all_contents || @remove_element_contents[name]
+        node.children.each { |n| node.add_previous_sibling(n) }
+      end
+
+      node.unlink
+
+      return
+    end
+
+    attr_whitelist = (transform[:attr_whitelist] +
+        (@config[:attributes][name] || []) +
+        (@config[:attributes][:all] || [])).uniq
+
+    if attr_whitelist.empty?
+      # Delete all attributes from elements with no whitelisted attributes.
+      node.attribute_nodes.each {|attr| attr.remove }
+    else
+      # Delete any attribute that isn't in the whitelist for this element.
+      node.attribute_nodes.each do |attr|
+        attr.unlink unless attr_whitelist.include?(attr.name.downcase)
+      end
+
+      # Delete remaining attributes that use unacceptable protocols.
+      if @config[:protocols].has_key?(name)
+        protocol = @config[:protocols][name]
+
+        node.attribute_nodes.each do |attr|
+          attr_name = attr.name.downcase
+          next false unless protocol.has_key?(attr_name)
+
+          del = if attr.value.to_s.downcase =~ REGEX_PROTOCOL
+            !protocol[attr_name].include?($1.downcase)
+          else
+            !protocol[attr_name].include?(:relative)
+          end
+
+          attr.unlink if del
+        end
+      end
+    end
+
+    # Add required attributes.
+    if @config[:add_attributes].has_key?(name)
+      @config[:add_attributes][name].each do |key, val|
+        node[key] = val
+      end
+    end
+
+    transform
+  end
+
+  def transform_element!(node)
+    output = {
+      :attr_whitelist => [],
+      :node           => node,
+      :whitelist      => false
+    }
+
+    @config[:transformers].inject(node) do |transformer_node, transformer|
+      transform = transformer.call({
+        :config    => @config,
+        :node      => transformer_node,
+        :node_name => transformer_node.name.downcase
+      })
+
+      if transform.nil?
+        transformer_node
+      elsif transform.is_a?(Hash)
+        if transform[:whitelist_nodes].is_a?(Array)
+          @whitelist_nodes += transform[:whitelist_nodes]
+          @whitelist_nodes.uniq!
+        end
+
+        output[:attr_whitelist]  += transform[:attr_whitelist] if transform[:attr_whitelist].is_a?(Array)
+        output[:whitelist]      ||= true if transform[:whitelist]
+        output[:node]             = transform[:node].is_a?(Nokogiri::XML::Node) ? transform[:node] : output[:node]
+      else
+        raise Error, "transformer output must be a Hash or nil"
+      end
+    end
+
+    node.replace(output[:node]) if node != output[:node]
+
+    return output
+  end
+
+  class Error < StandardError; end
+end

data/lib/sanitize/config.rb

@@ -0,0 +1,70 @@
+#--
+# Copyright (c) 2010 Ryan Grove <ryan@wonko.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the 'Software'), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#++
+
+class Sanitize
+  module Config
+    DEFAULT = {
+      # Whether or not to allow HTML comments. Allowing comments is strongly
+      # discouraged, since IE allows script execution within conditional
+      # comments.
+      :allow_comments => false,
+
+      # HTML attributes to add to specific elements. By default, no attributes
+      # are added.
+      :add_attributes => {},
+
+      # HTML attributes to allow in specific elements. By default, no attributes
+      # are allowed.
+      :attributes => {},
+
+      # HTML elements to allow. By default, no elements are allowed (which means
+      # that all HTML will be stripped).
+      :elements => [],
+
+      # Output format. Supported formats are :html and :xhtml (which is the
+      # default).
+      :output => :xhtml,
+
+      # Character encoding to use for HTML output. Default is 'utf-8'.
+      :output_encoding => 'utf-8',
+
+      # URL handling protocols to allow in specific attributes. By default, no
+      # protocols are allowed. Use :relative in place of a protocol if you want
+      # to allow relative URLs sans protocol.
+      :protocols => {},
+
+      # If this is true, Sanitize will remove the contents of any filtered
+      # elements in addition to the elements themselves. By default, Sanitize
+      # leaves the safe parts of an element's contents behind when the element
+      # is removed.
+      #
+      # If this is an Array of element names, then only the contents of the
+      # specified elements (when filtered) will be removed, and the contents of
+      # all other filtered elements will be left behind.
+      :remove_contents => false,
+
+      # Transformers allow you to filter or alter nodes using custom logic. See
+      # README.rdoc for details and examples.
+      :transformers => []
+    }
+  end
+end

data/lib/sanitize/config/basic.rb

@@ -0,0 +1,49 @@
+#--
+# Copyright (c) 2010 Ryan Grove <ryan@wonko.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the 'Software'), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#++
+
+class Sanitize
+  module Config
+    BASIC = {
+      :elements => [
+        'a', 'b', 'blockquote', 'br', 'cite', 'code', 'dd', 'dl', 'dt', 'em',
+        'i', 'li', 'ol', 'p', 'pre', 'q', 'small', 'strike', 'strong', 'sub',
+        'sup', 'u', 'ul'],
+
+      :attributes => {
+        'a'          => ['href'],
+        'blockquote' => ['cite'],
+        'q'          => ['cite']
+      },
+
+      :add_attributes => {
+        'a' => {'rel' => 'nofollow'}
+      },
+
+      :protocols => {
+        'a'          => {'href' => ['ftp', 'http', 'https', 'mailto',
+                                    :relative]},
+        'blockquote' => {'cite' => ['http', 'https', :relative]},
+        'q'          => {'cite' => ['http', 'https', :relative]}
+      }
+    }
+  end
+end

data/lib/sanitize/config/relaxed.rb

@@ -0,0 +1,57 @@
+#--
+# Copyright (c) 2010 Ryan Grove <ryan@wonko.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the 'Software'), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#++
+
+class Sanitize
+  module Config
+    RELAXED = {
+      :elements => [
+        'a', 'b', 'blockquote', 'br', 'caption', 'cite', 'code', 'col',
+        'colgroup', 'dd', 'dl', 'dt', 'em', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
+        'i', 'img', 'li', 'ol', 'p', 'pre', 'q', 'small', 'strike', 'strong',
+        'sub', 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'tr', 'u',
+        'ul'],
+
+      :attributes => {
+        'a'          => ['href', 'title'],
+        'blockquote' => ['cite'],
+        'col'        => ['span', 'width'],
+        'colgroup'   => ['span', 'width'],
+        'img'        => ['align', 'alt', 'height', 'src', 'title', 'width'],
+        'ol'         => ['start', 'type'],
+        'q'          => ['cite'],
+        'table'      => ['summary', 'width'],
+        'td'         => ['abbr', 'axis', 'colspan', 'rowspan', 'width'],
+        'th'         => ['abbr', 'axis', 'colspan', 'rowspan', 'scope',
+                         'width'],
+        'ul'         => ['type']
+      },
+
+      :protocols => {
+        'a'          => {'href' => ['ftp', 'http', 'https', 'mailto',
+                                    :relative]},
+        'blockquote' => {'cite' => ['http', 'https', :relative]},
+        'img'        => {'src'  => ['http', 'https', :relative]},
+        'q'          => {'cite' => ['http', 'https', :relative]}
+      }
+    }
+  end
+end

data/lib/sanitize/config/restricted.rb

@@ -0,0 +1,29 @@
+#--
+# Copyright (c) 2010 Ryan Grove <ryan@wonko.com>
+# 
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the 'Software'), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+# 
+# The above copyright notice and this permission notice shall be included in all
+# copies or substantial portions of the Software.
+# 
+# THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+# SOFTWARE.
+#++
+
+class Sanitize
+  module Config
+    RESTRICTED = {
+      :elements => ['b', 'em', 'i', 'strong', 'u']
+    }
+  end
+end

data/lib/sanitize/version.rb

@@ -0,0 +1,3 @@
+class Sanitize
+  VERSION = '1.2.1.1'
+end

metadata

@@ -0,0 +1,124 @@
+--- !ruby/object:Gem::Specification 
+name: glebm-sanitize
+version: !ruby/object:Gem::Version 
+  hash: 73
+  prerelease: false
+  segments: 
+  - 1
+  - 2
+  - 1
+  - 1
+  version: 1.2.1.1
+platform: ruby
+authors: 
+- Ryan Grove
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-07-19 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: glebm-nokogiri
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 7
+        segments: 
+        - 1
+        - 4
+        version: "1.4"
+  type: :runtime
+  version_requirements: *id001
+- !ruby/object:Gem::Dependency 
+  name: bacon
+  prerelease: false
+  requirement: &id002 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 19
+        segments: 
+        - 1
+        - 1
+        - 0
+        version: 1.1.0
+  type: :development
+  version_requirements: *id002
+- !ruby/object:Gem::Dependency 
+  name: rake
+  prerelease: false
+  requirement: &id003 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ~>
+      - !ruby/object:Gem::Version 
+        hash: 63
+        segments: 
+        - 0
+        - 8
+        - 0
+        version: 0.8.0
+  type: :development
+  version_requirements: *id003
+description: 
+email: glex.spb@gmail.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: []
+
+files: 
+- HISTORY
+- LICENSE
+- README.rdoc
+- lib/sanitize/config/restricted.rb
+- lib/sanitize/config/basic.rb
+- lib/sanitize/config/relaxed.rb
+- lib/sanitize/config.rb
+- lib/sanitize/version.rb
+- lib/sanitize.rb
+has_rdoc: true
+homepage: http://github.com/rgrove/sanitize/
+licenses: []
+
+post_install_message: 
+rdoc_options: []
+
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 59
+      segments: 
+      - 1
+      - 8
+      - 6
+      version: 1.8.6
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: riposte
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Whitelist-based HTML sanitizer.
+test_files: []
+