class HTML::WhiteListSanitizer

def sanitize_css(style)

Sanitizes a block of css code. Used by #sanitize when it comes across a style attribute

def sanitize_css(style)
  # disallow urls
  style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
  # gauntlet
  if style !~ /^([:,;#%.\sa-zA-Z0-9!]|\w-\w|\'[\s\w]+\'|\"[\s\w]+\"|\([\d,\s]+\))*$/ ||
      style !~ /^(\s*[-\w]+\s*:\s*[^:;]*(;|$)\s*)*$/
    return ''
  end
  clean = []
  style.scan(/([-\w]+)\s*:\s*([^:;]*)/) do |prop,val|
    if allowed_css_properties.include?(prop.downcase)
      clean <<  prop + ': ' + val + ';'
    elsif shorthand_css_properties.include?(prop.split('-')[0].downcase)
      unless val.split().any? do |keyword|
        !allowed_css_keywords.include?(keyword) &&
          keyword !~ /^(#[0-9a-f]+|rgb\(\d+%?,\d*%?,?\d*%?\)?|\d{0,2}\.?\d{0,2}(cm|em|ex|in|mm|pc|pt|px|%|,|\))?)$/
      end
        clean << prop + ': ' + val + ';'
      end
    end
  end
  clean.join(' ')
end

Instance Methods

# contains_bad_protocols?
# process_attributes_for
# process_node
# sanitize_css
# tokenize

Modules

Classes

class HTML::WhiteListSanitizer

def sanitize_css(style)

Instance Methods