- Revision: 173
- Log: Updated to latest release of Beast according to the "getting started with Beast" guide at: http://beast.caboo.se/forums/1/topics/381
  This check-in includes frozen Edge Rails and has the beginnings of configuration for the ROOL site included.
- Author: rool
- Date: Fri Mar 02 15:59:12 +0000 2007
- Size: 1161 Bytes
WhiteList
=========

This White Listing helper will HTML-encode all tags and strip all attributes that aren't specifically allowed.
It also strips href/src attributes with invalid protocols, javascript: in particular. It does its best to counter any
tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out
the extensive test suite.

    <%= white_list @article.body %>

You can add or remove tags/attributes if you want to customize it a bit.

Add table tags

    WhiteListHelper.tags.merge %w(table td th)

Remove tags

    WhiteListHelper.tags.delete 'div'

Change allowed attributes

    WhiteListHelper.attributes.merge %w(id class style)

white_list accepts a block for custom tag escaping. Shown below is the default block that white_list uses if none is given.
The block is called for all bad tags and for every text node. node is an instance of HTML::Node (either HTML::Tag or HTML::Text).
bad is nil for text nodes inside good tags; otherwise it is the tag name of the bad tag.

    <%= white_list(@article.body) { |node, bad| white_listed_bad_tags.include?(bad) ? nil : node.to_s.gsub(/</, '&lt;') } %>
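
The protocol filtering the README describes for href/src values, sketched as an added example that is not the plugin's own code: character references are decoded before the scheme is compared against an allowlist, so encoded spellings of javascript: are judged the same as the plain one. The names ALLOWED_PROTOCOLS, decode_char_refs and safe_url?, the protocol list, and the choice to reject a leftover "&" are assumptions of this sketch.

```ruby
# Added illustration, not the plugin's code. ALLOWED_PROTOCOLS,
# decode_char_refs and safe_url? are hypothetical names.
ALLOWED_PROTOCOLS = %w(http https mailto).freeze

# Decode decimal (&#106;) and hex (&#x6A;) character references, with or
# without the trailing semicolon, the way an HTML parser does before the
# attribute value is interpreted as a URL.
def decode_char_refs(value)
  value.gsub(/&#(x[0-9a-f]+|[0-9]+);?/i) do
    ref = Regexp.last_match(1)
    code = ref.start_with?('x', 'X') ? ref[1..-1].to_i(16) : ref.to_i
    valid = code.between?(1, 0x10FFFF) && !code.between?(0xD800, 0xDFFF)
    valid ? [code].pack('U') : ''
  end
end

# True when the value is a relative URL or uses an allowed protocol.
def safe_url?(raw)
  url = decode_char_refs(raw.to_s)
  # URL parsers drop tab/CR/LF anywhere and leading control chars/spaces.
  url = url.gsub(/[\t\r\n]/, '').sub(/\A[\x00-\x20]+/, '')
  head = url[/\A[^\/?#]*/]            # everything before path/query/fragment
  return false if head.include?('&')  # undecoded entity (e.g. &colon;): fail closed
  scheme = head[/\A([^:]*):/, 1]
  return true if scheme.nil?          # no scheme, so a relative URL
  ALLOWED_PROTOCOLS.include?(scheme.downcase)
end

# Constructed sample values, mapped to the expected verdict.
SAMPLES = {
  'http://example.com/a?x=1&y=2' => true,
  '/articles/1'                  => true,
  'javascript:void(0)'           => false,
  'JaVaScRiPt:void(0)'           => false,
  '&#106;avascript:void(0)'      => false, # decimal reference for "j"
  '&#x6A;avascript:void(0)'      => false, # hex reference for "j"
  'jav&#9;ascript:void(0)'       => false, # tab inside the scheme
  'javascript&colon;void(0)'     => false  # named reference for ":"
}.freeze

SAMPLES.each do |value, expected|
  puts format('%-30s %s', value, safe_url?(value) == expected ? 'ok' : 'MISMATCH')
end
```

Comparing the decoded scheme against a list of allowed protocols, rather than searching for javascript:, is what keeps a new encoding trick from needing a new rule.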