Mike Dalessio <mike.dalessio / gmail.com> wrote:

> loofah version 0.4.7 has been released!
> 
> * <http://github.com/flavorjones/loofah>
> * <http://loofah.rubyforge.org>
> * <http://rubyforge.org/projects/loofah>
> 
> Loofah is a general library for manipulating and transforming HTML/XML
> documents and fragments. It's built on top of Nokogiri and libxml2, so
> it's fast and has a nice API.
> 
> Loofah excels at HTML sanitization (XSS prevention). It includes some
> nice HTML sanitizers, which are based on HTML5lib's whitelist, so it
> most likely won't make your codes less secure. (These statements have
> not been evaluated by Netexperts.)


Because I'm using Nokogiri daily, I wanted to test Loofah with a small
script (taken from <http://loofah.rubyforge.org/loofah/>):

#! /opt/local/bin/ruby1.9
# encoding: utf-8

require 'rubygems'
require 'nokogiri'
require 'loofah'

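# Untrusted input: a harmless <div> plus a <script> element
unsafe_html = "ohai! <div>div is safe</div> <script>but script is not</script>"

# :strip removes unsafe tags but keeps their text content
doc = Loofah.fragment(unsafe_html).scrub!(:strip)
puts doc.to_s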

However, I got:
SyntaxError:
/opt/local/lib/ruby1.9/gems/1.9.1/gems/loofah-1.0.0/lib/loofah/html5/scrub.rb:20: too short escaped multibyte character:
/`|[\000-\040\177\s]+|\302[\200-\240]/
method require in untitled document at line 29
method require in untitled document at line 29
method <top (required)> in loofah.rb at line 9
method require in untitled document at line 33
method rescue in require in untitled document at line 33
method require in untitled document at line 29
method <main> in loofah_first_test.rb at line 22


ruby 1.9.2p0 (2010-08-18 revision 29036) [x86_64-darwin10]
on Mac OS X SL

-- 
  "The truly free man is the one who knows how to decline a dinner
    invitation without giving an excuse."
    (Beaumarchais)