Comments (7)
This sounds a lot like https://github.com/straight-shoota/sanitize
I published this as a shard for independent development and because of its complexity. I could see this shard (or a similar implementation) becoming a part of stdlib if we consider the use case to be very common. It's certainly a very important feature when you're dealing with untrusted HTML content.
An important aspect to such a security component is auditing. It would be devastating if a sanitization library becomes a liability (like the Python XSS example). So far, I'm not aware that my shard has received any relevant peer review.
from crystal.
Absolutely excellent, and I wish I'd been able to come across that in my searches.
from crystal.
Yeah, I guess there are quite a lot of different terms for this kind of thing. Probably because you can view and resolve the problem from different angles. So that's not ideal for search.
What did you look for and where? Maybe we can improve discoverability a bit.
from crystal.
I was focused on the keyword "striptags". I looked in the HTML parsing section of awesome-crystal, and I searched GitHub for `lang:Crystal striptags`, which is where I came across the inner-text pattern in crinja I referenced.
from crystal.
Thanks. `lang:Crystal striptags` works now 😏
https://shardbox.org/categories/HTML_XML_Parsing would've brought you there as well.
from crystal.
I've forgotten about or never heard of shardbox.org, but that makes me realize that I would have found it with https://shards.info/search?query=html too.
from crystal.
This example is also similar to strip tags: https://github.com/kostya/lexbor/blob/master/examples/texts.cr
from crystal.