I have some “namespaced” custom tags (developed with the radius gem) that I would like to use in my Rails application. I’d like to use the sanitize gem to prevent XSS attacks, but there is no description of how to configure namespaces in sanitize. Is there any possible way?
The sanitize gem doesn’t support namespaces. Briefly looking at the code for sanitize, neither the transform class that cleans elements nor the way it actually parses HTML gives Nokogiri (the XML parser underlying sanitize) the information it needs to be able to recognise and process namespaces, so without modifying sanitize to support this, it’s not going to be possible.
You’ll be able to see the tags without the prefixed-namespaces in sanitize, so if they all have custom names that don’t collide with any other tags, you can specify those, but with sanitize as it is currently written, you can’t filter namespace-specific tags.