diff options
author | Timm <kaspth@gmail.com> | 2013-07-10 16:00:36 +0200 |
---|---|---|
committer | Timm <kaspth@gmail.com> | 2014-06-15 23:35:27 +0200 |
commit | 68f75b9795f1d9c3fc30f54e035d01d6d687d4fa (patch) | |
tree | c892437680619d1a0bb6c69dcad31d27d6b901d7 /actionview | |
parent | 55b453f2959ee176611732fa22b386916e9a9604 (diff) | |
download | rails-68f75b9795f1d9c3fc30f54e035d01d6d687d4fa.tar.gz rails-68f75b9795f1d9c3fc30f54e035d01d6d687d4fa.tar.bz2 rails-68f75b9795f1d9c3fc30f54e035d01d6d687d4fa.zip |
Extracted the xpath removals into some new API that allows users to remove xpath subtrees.
Diffstat (limited to 'actionview')
-rw-r--r-- | actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb index 8b1e76fec1..187d0ffbfa 100644 --- a/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb +++ b/actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb @@ -49,8 +49,7 @@ module ActionView @permit_scrubber.attributes = options[:attributes] loofah_fragment.scrub!(@permit_scrubber) else - loofah_fragment.xpath("./script").each { |script| script.remove } - loofah_fragment.xpath("./form").each { |form| form.remove } + remove_xpaths(loofah_fragment, %w(./script ./form)) loofah_fragment.scrub!(:strip) end loofah_fragment.to_s @@ -60,6 +59,13 @@ module ActionView Loofah::HTML5::Scrub.scrub_css style_string end + def remove_xpaths(html, *xpaths) + html = Loofah.fragment(html) unless html.is_a? Nokogiri::XML::DocumentFragment + xpaths.each do |xpath| + html.xpath(xpath).each { |subtree| subtree.remove } + end + end + def protocol_separator self.class.protocol_separator end |