Dmitri Borodaenko wrote:
> On Tue, 9 Nov 2004 02:47:11 +0900, James Britt
> <jamesunderbarb / neurogami.com> wrote:
> 
>>I added logging to my copy so that I could see what was being clobbered
>>during sanitization. Might be worth including this by default.
> 
> 
> Err, I can't throw Ruby dumps on unsuspecting Wiki users: my problem
> is not just to find the cause, but also to report it nicely.
> 
> 
>>I see that 'script' elements are deleted, as the yaml file makes no
>>mention of that element.
> 
> 
> Right, that was on purpose.

Ah, I see. I thought of this as the start of a general-purpose lib that 
might then be used by some more specific application.

A suggestion (motivated by self-interest): arrange for the code to allow 
all proper XHTML by default, with the option of passing in a set of 
elements and/or attributes that are disallowed at validation time.

For example, if you decide to disallow style or class attributes, you 
could pass this information in when calling sanitize.

Perhaps sanitize could take an optional hash parameter

   sanitize(html, filter = {})

and disallowed elements/attributes could perhaps be specified as

  filter = {
    'script' => '',               # no script element at all
    'img'    => 'usemap, height', # allow images, but
                                  # no usemap or height attributes
    '*'      => 'style, class'    # no class or style on any element
  }

Just a thought; it's easy to make suggestions when you're not writing 
the code ;)

This way, you need not keep editing the base yaml file when adjusting 
what to sanitize.

James
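The filter-hash idea sketched above, worked through as an added example in Ruby (this is not code from the thread or from the sanitizer being discussed; the `sanitize`/`parse_filter` names, the REXML-based parsing and the treatment of `'*' => ''` as a configuration error are assumptions made here). The input is assumed to be a well-formed XHTML fragment, since it is parsed as XML:

```ruby
require 'rexml/document'

# Added example, not the original project's code. Implements the proposed
# optional "filter" hash for sanitize(html, filter = {}):
#   'script' => ''               # drop <script> (and its content) entirely
#   'img'    => 'usemap, height' # keep <img>, strip those attributes
#   '*'      => 'style, class'   # strip those attributes from every element
# Assumes the input is a well-formed XHTML fragment (parsed with REXML).

NAME_RE = /\A[A-Za-z][\w:-]*\z/

# Split the filter hash into (elements to drop, element => attributes to strip).
# Keys and attribute names are validated so they cannot alter the XPath queries.
def parse_filter(filter)
  dropped = []
  stripped = Hash.new { |h, k| h[k] = [] }
  filter.each do |name, attrs|
    name = name.to_s
    unless name == '*' || name =~ NAME_RE
      raise ArgumentError, "bad element name: #{name.inspect}"
    end
    list = attrs.to_s.split(',').map(&:strip).reject(&:empty?)
    list.each do |a|
      raise ArgumentError, "bad attribute name: #{a.inspect}" unless a =~ NAME_RE
    end
    if list.empty?
      # '*' => '' would delete every element; treat it as a configuration error.
      raise ArgumentError, "'*' => '' would remove all elements" if name == '*'
      dropped << name
    else
      stripped[name].concat(list)
    end
  end
  [dropped, stripped]
end

def sanitize(html, filter = {})
  dropped, stripped = parse_filter(filter)
  # Wrap the fragment so several top-level nodes parse as one document.
  doc = REXML::Document.new("<root>#{html}</root>")

  # 1. Remove disallowed elements outright. XPath.match collects the nodes
  #    first, so the tree is not mutated while it is being walked.
  dropped.each do |name|
    REXML::XPath.match(doc.root, ".//#{name}").each(&:remove)
  end

  # 2. Strip disallowed attributes: the per-element entry plus the '*' entry.
  REXML::XPath.each(doc.root, './/*') do |el|
    (stripped.fetch(el.name, []) + stripped.fetch('*', [])).each do |attr|
      el.attributes.delete(attr)
    end
  end

  # Re-serialise the wrapper's children (text nodes come back XML-escaped).
  doc.root.children.map(&:to_s).join
end

# Constructed sample input and filter, for illustration only.
SAMPLE_HTML = '<p class="note" style="color:red">Hi <script>doSomething()</script>' \
              '<img src="a.png" usemap="#m" height="10"/></p>'
SAMPLE_FILTER = { 'script' => '', 'img' => 'usemap, height', '*' => 'style, class' }

puts sanitize(SAMPLE_HTML, SAMPLE_FILTER) if __FILE__ == $0
```

Two points worth noting about this shape of API. First, an allow-everything default means anything the filter does not name passes through, so the `'*'` entry has to enumerate every attribute the application considers dangerous, whereas the allow-list yaml file the thread describes fails closed. Second, filter keys are interpolated into XPath expressions, which is why `parse_filter` validates them against `NAME_RE` before use; a filter loaded from configuration should never be trusted more than the markup it is meant to clean.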