Kasper Hansen
2013-Jun-06 17:10 UTC
Using Loofah to gain control of what HTML tags get sanitized
Hi everyone,
I'm Kasper, one of the Rails Google Summer of Code participants
<http://weblog.rubyonrails.org/2013/5/27/rails-google-summer-of-code-projects/>.
This means I will replace the venerable html-scanner with Loofah, picking up
where this issue left off: https://github.com/rails/rails/issues/2550.
Rafael França was assigned to that issue and he is my mentor during the summer.
I want to hear your thoughts about a new API that will take advantage of
Loofah's custom scrubbers. Here's the example I gave in my project proposal
<https://github.com/kaspth/gsoc-application>:
  class Comment < ActiveRecord::Base
    # block based
    # block takes a node
    scrubs :body do |node|
      node.remove if node.name == "script"
    end

    # method based
    # method is last argument and has a node parameter
    scrubs :name, :body, :remove_style_blocks

    # list based via a kind option
    # options are based on the available scrubbers in Loofah
    scrubs :name, kind: :whitelist
  end
I really want to hear if this is something you would consider, and if so
where we should define it. I was discussing this a bit with Rafael, and he
said he wasn't sure whether it should be defined in Active Model, Active
Support or Action View.
Thanks for reading,
Kasper
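The three forms of the proposed `scrubs` macro, as an added stand-alone example that is not part of the post or of Rails: a small mixin that registers block, method and kind rules per attribute and applies them to every element of the attribute's markup. REXML from the Ruby standard library stands in for Loofah/Nokogiri, so nodes are REXML elements, the input must be well-formed markup, and `kind: :whitelist` is implemented as a fixed allowlist that prunes disallowed elements; all of that is an assumption of this demo.

```ruby
# Added example: a stand-alone stand-in for the proposed `scrubs` class macro.
# REXML (Ruby stdlib) replaces Loofah/Nokogiri, so nodes are REXML elements and
# input must be well-formed markup; both are assumptions of this demo.
require "rexml/document"

module Scrubs
  ALLOWED_TAGS = %w[p b i em strong a ul ol li].freeze  # used by kind: :whitelist
  def self.included(base); base.extend(ClassMethods); end

  module ClassMethods
    def scrubbers; @scrubbers ||= Hash.new { |h, k| h[k] = [] }; end
    # scrubs :body { |node| ... }        -> block based
    # scrubs :name, :body, :method_name  -> method based (last argument)
    # scrubs :name, kind: :whitelist     -> list based (only :whitelist here)
    def scrubs(*attrs, kind: nil, &block)
      rule = block ? [:block, block] : kind ? [:kind, kind] : [:method, attrs.pop]
      attrs.each { |attr| scrubbers[attr] << rule }
    end
  end

  # Parse the attribute's markup, apply every registered rule to each element,
  # and return the sanitized markup (removing an element detaches its subtree).
  def scrub(attr)
    doc = REXML::Document.new("<root>#{send(attr)}</root>")
    self.class.scrubbers[attr].each do |type, rule|
      collect_elements(doc.root).each do |node|
        case type
        when :block  then rule.call(node)
        when :method then send(rule, node)
        when :kind   then node.remove unless ALLOWED_TAGS.include?(node.name)
        end
      end
    end
    doc.root.children.map(&:to_s).join
  end

  def collect_elements(el, acc = [])
    el.elements.each { |child| acc << child; collect_elements(child, acc) }
    acc
  end
end

class Comment
  include Scrubs
  attr_accessor :name, :body
  scrubs(:body) { |node| node.remove if node.name == "script" }  # block based
  scrubs :name, :body, :remove_style_blocks                     # method based
  scrubs :name, kind: :whitelist                                # list based

  def remove_style_blocks(node); node.remove if node.name == "style"; end
end
```

Note that the block and method rules are blocklists (they only remove what they name), while the kind rule is an allowlist; the latter is the safer default for user-supplied HTML.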