module Loofah::HTML5::Scrub

def scrub_uri_attribute(attr_node)

Experimental RBS support (using type sampling data from the type_fusion project).

def scrub_uri_attribute: (Nokogiri::XML::Attr attr_node) -> false

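This signature was generated using 3 samples from 1 application. Because it is inferred from sampled calls, the `false` return type reflects only the calls that were observed; the method below also returns `true` when it removes the attribute.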

# Checks a URI-valued attribute against the protocol and data: media-type
# safelists and removes it from its node when it is not permitted.
#
# The value is normalised before any comparison: HTML entities are decoded,
# every CONTROL_CHARACTERS match is deleted, and the result is lowercased, so
# entity-encoded or mixed-case schemes are compared in a single form.
#
# Values that do not start with a scheme-like prefix are kept unless they
# resolve to a "data" scheme with a disallowed media type.
#
# @param attr_node [Nokogiri::XML::Attr] the attribute to inspect
# @return [Boolean] true when the attribute was removed, false when it was kept
def scrub_uri_attribute(attr_node)
  # this block lifted nearly verbatim from HTML5 sanitization
  normalized = CGI.unescapeHTML(attr_node.value).gsub(CONTROL_CHARACTERS, "").downcase
  scheme, remainder = normalized.split(SafeList::PROTOCOL_SEPARATOR)

  # NOTE(review): `^` anchors at every line start, not only the start of the
  # string; this equals \A only if CONTROL_CHARACTERS strips line breaks -- confirm.
  has_scheme = normalized.match?(/^[a-z0-9][-+.a-z0-9]*:/)

  rejected =
    if has_scheme && !SafeList::ALLOWED_PROTOCOLS.include?(scheme)
      true
    elsif scheme == "data"
      # Only ";" delimits the media type here, so a data: value whose type is
      # followed directly by "," is compared with its payload still attached.
      media = remainder&.split(";")&.first
      media ? !SafeList::ALLOWED_URI_DATA_MEDIATYPES.include?(media) : false
    else
      false
    end

  return false unless rejected

  attr_node.remove
  true
end