protected Method

WhiteListSanitizer.process_attributes_for(node, options)

Source
Home > Ruby > Rails > Rails 2.0.2 > ActionPack EDGE > HTML > WhiteListSanitizer > process_attributes_for

There's no documentation for this item.

Source Code

# File action_controller/vendor/html-scanner/html/sanitizer.rb, line 155
def process_attributes_for(node, options)
  return unless node.attributes
  node.attributes.keys.each do |attr_name|
    value = node.attributes[attr_name].to_s

    if !options[:attributes].include?(attr_name) || contains_bad_protocols?(attr_name, value)
      node.attributes.delete(attr_name)
    else
      node.attributes[attr_name] = attr_name == 'style' ? sanitize_css(value) : CGI::escapeHTML(value)
    end
  end
end
Comments

Have your say
Please use Textile formatting (click here for a cheat sheet). Use <code/> and <pre/> for code samples.
Click here to login with OpenID to to post comments.