Use a better HTML sanitizer that makes sure the HTML is well formed and
authorTom Hughes <tom@compton.nu>
Sat, 6 Mar 2010 15:38:13 +0000 (15:38 +0000)
committerTom Hughes <tom@compton.nu>
Sat, 6 Mar 2010 15:38:13 +0000 (15:38 +0000)
can add rel="nofollow" to links.

app/helpers/application_helper.rb
config/environment.rb
config/initializers/sanitize.rb [new file with mode: 0644]

index 7a4953f0ffdf79c835efb6c428474101f1f75178..2ed50216ff257d22ed58ed50a0b7eb3cd1c3bac7 100644 (file)
@@ -1,6 +1,10 @@
 module ApplicationHelper
   require 'rexml/document'
 
+  def sanitize(text)
+    Sanitize.clean(text, Sanitize::Config::OSM)
+  end
+
   def htmlize(text)
     return linkify(sanitize(simple_format(text)))
   end
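Review bot: The new `sanitize` method shadows ActionView's built-in `SanitizeHelper#sanitize` for every view that includes ApplicationHelper, so any template that called the Rails helper with its own options now goes through `Sanitize::Config::OSM` instead; that is probably intended but should be stated, e.g. `# Overrides the Rails sanitize helper: all user-supplied HTML is cleaned with the OSM config from config/initializers/sanitize.rb`. Note also that `htmlize` calls `linkify(sanitize(simple_format(text)))`, so anchors produced by `linkify` are created after the sanitizer has run and will not receive the `rel="nofollow"` the commit message describes unless `linkify` adds it itself; `linkify` is defined outside this hunk, so that is worth confirming.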
index ba5241a21fc47a1d3a03c60a9fcab341585e5dac..539af83b2971842a09296fe6456493c4c79e3571 100644 (file)
@@ -53,6 +53,7 @@ Rails::Initializer.run do |config|
   config.gem 'oauth', :version => '>= 0.3.6'
   config.gem 'httpclient'
   config.gem 'SystemTimer', :version => '>= 1.1.3', :lib => 'system_timer'
+  config.gem 'sanitize'
 
   # Only load the plugins named here, in the order given. By default, all plugins
   # in vendor/plugins are loaded in alphabetical order.
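Review bot: `config.gem 'sanitize'` is the only entry in this list without a `:version` constraint, while its neighbours pin one; the initializer added in this commit relies on `Sanitize::Config::RELAXED` and the `:add_attributes` option, so an unconstrained install could resolve to a release where those differ. Constrain it like the others, e.g. `config.gem 'sanitize', :version => '>= <minimum version verified with :add_attributes>'` (placeholder — substitute the version actually tested).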
diff --git a/config/initializers/sanitize.rb b/config/initializers/sanitize.rb
new file mode 100644 (file)
index 0000000..7360e27
--- /dev/null
@@ -0,0 +1,3 @@
+Sanitize::Config::OSM = Sanitize::Config::RELAXED.dup
+
+Sanitize::Config::OSM[:add_attributes] = { 'a' => { 'rel' => 'nofollow' } }
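Review bot: `Sanitize::Config::RELAXED.dup` is a shallow copy, so the nested collections inside `OSM` (the allowed element and attribute lists, for instance) are still the same objects held by `RELAXED`; assigning a new top-level `:add_attributes` key as done here is safe, but any later in-place change to a nested value would silently alter the gem's shared `RELAXED` config too. Either deep-copy the config or record the limitation with a comment such as `# Shallow dup: never mutate nested values in place, they are shared with RELAXED.` A one-line comment explaining why `rel="nofollow"` is forced onto every anchor (the HTML is user-supplied) would also help, since this file is the only place that policy is expressed.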