require 'sanitize'module HtmlSanitizer DEFAULT = { :protocols => {

1. require 'sanitize'
2.  
3. module HtmlSanitizer
4.  
5. DEFAULT = {
6. :protocols => {
7. "a" => { "href" => ["ftp", "http", "https", "mailto", :relative] },
8. "img" => { "src" => ["http", "https", :relative] },
9. "blockquote" => { "cite" => ["http", "https", :relative] },
10. "q" => { "cite" => ["http", "https", :relative] },
11. },
12. :attributes => {
13. "a" => ["href", "title"],
14. "img" => ["src", "alt", "title", "width", "height", "align"],
15. "blockquote" => ["cite"],
16. "q" => ["cite"],
17. },
18. :elements => %w(
19. a b blockquote br caption cite code dl dt dd em i img
20. li ol p pre q small strike strong sub sup u ul
21. ),
22. }
23.  
24. def self.clean html, mode = :default
25. return html if html.blank?
26. case mode.to_sym
27. when :default
28. Sanitize.clean(html, HtmlSanitizer::DEFAULT)
29. when :advanced
30. html
31. when :all
32. Sanitize.clean(html)
33. else
34. raise ArgumentError, "invalid mode, must be :default or :all"
35. end
36. end
37.  
38. end