On Jun 29, 5:59 pm, Xdmx Xdmx <[email protected]>
wrote:
> Hi, I want to permit users to send their own content, text, html, and
> stuff like that. It should also permit them to send their own design,
> using div, span, internal style attributes and so on. Obviously I'd like
> to protect everything forbidding javascript, but permitting object and
> embedded (for youtube, gvideo, etc).
> From a previous post the suggestion was
> wonko/sanitize: http://www.ruby-forum.com/topic/186697
> But I've not found time to try it yet.
> Btw, my question now is another: how can I remove external links, but
> keep the text link and internal links?
> I mean, if a user inserts "<a href="http://externaldomain.com">my
> site</a>" it should be sanitized to just "my site", instead if he inserts
> "<a href="http://domain.com">read this page</a>" it should keep it as it
> is (domain.com is "whitelisted"). And it also should remove others like
> mailto:, ftp:, etc (just keep http and https).
> Any hint about this? (considering the first lines about styles, and
> which sanitizer to use)
> thank you
> --
> Posted via http://www.ruby-forum.com/.

even without Sanitizer, this seems fairly trivial:

irb(main):016:0> require 'hpricot'
irb(main):017:0> links = "<a href='http://FACE.com'>click here for your FACE</a><br /><a href='http://whitelisted.com'>this domain is allowed</a>"
irb(main):018:0> allowed = "http://whitelisted.com"
irb(main):019:0> doc = Hpricot(links)
irb(main):020:0> (doc/"//a").each { |tag| tag.swap(tag.inner_text) unless tag[:href] == allowed }
=> #<Hpricot::Doc ...>   (echoed document inspect output elided)
irb(main):021:0> doc.to_s
=> "click here for your FACE<br /><a href=\"http://whitelisted.com\">this domain is allowed</a>"
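this domain">
A stdlib-only version of the same link filter, added here as an example and not code from the thread: it uses REXML in place of Hpricot (so it assumes well-formed, XHTML-style markup), compares the parsed host against a constructed whitelist rather than the whole href string, and keeps only http/https links as the question asks. The function and constant names are hypothetical.

```ruby
require 'uri'
require 'rexml/document'

# Constructed sample whitelist: only links to this host are kept.
ALLOWED_HOSTS = ['domain.com'].freeze

# Link policy: keep only http/https links whose *parsed* host is whitelisted.
# Checking uri.host (not a substring of the raw string) rejects look-alikes
# such as http://domain.com.evil.test and http://evil.test/?q=domain.com;
# non-HTTP schemes (mailto:, ftp:, javascript:) never pass the class check.
def allowed_link?(href, hosts = ALLOWED_HOSTS)
  uri = URI.parse(href.to_s.strip)
  return false unless uri.is_a?(URI::HTTP)   # URI::HTTPS is a subclass of URI::HTTP
  return false if uri.userinfo               # refuse http://domain.com@evil.test
  hosts.include?(uri.host.to_s.downcase)
rescue URI::InvalidURIError
  false
end

# Unwrap every <a> that fails the policy to its text, keeping allowed ones.
# Hypothetical stdlib-only implementation: the fragment is wrapped in a root
# element because REXML needs a single document element.
def strip_external_links(html, hosts = ALLOWED_HOSTS)
  doc = REXML::Document.new("<root>#{html}</root>")
  REXML::XPath.match(doc, '//a').each do |a|
    next if allowed_link?(a.attributes['href'], hosts)
    # Collect all descendant text, so <a>mail <b>me</b></a> becomes "mail me"
    text = REXML::XPath.match(a, './/text()').map(&:value).join
    a.replace_with(REXML::Text.new(text, true))   # re-escaped on output
  end
  doc.root.children.map(&:to_s).join
end

# Constructed sample input mirroring the cases in the question.
SAMPLE_HTML = '<a href="http://externaldomain.com">my site</a> and ' \
              '<a href="http://domain.com">read this page</a><br />' \
              '<a href="mailto:user@domain.com">mail <b>me</b></a>'

puts strip_external_links(SAMPLE_HTML) if __FILE__ == $PROGRAM_NAME
```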
