Commit c912d6d2 authored by Ben Ubois

Strip contents of <script> tags. Fixes feedbin/support#49.

parent 0cd61362
......@@ -35,6 +35,7 @@ module HTML
div ins del sup sub p ol ul table blockquote dl dt dd
kbd q samp var hr ruby rt rp li tr td th
),
:remove_contents => ['script'],
:attributes => {
'a' => ['href'],
'img' => ['src'],
......
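Review bot: the new `:remove_contents` entry names only `script`, so any other non-whitelisted element whose body is not display text (`style`, for example) would still have its tags stripped and its contents left in the output as plain text. Consider whether `style` belongs in this list as well, and add a one-line comment above the option saying why the contents are dropped rather than only the tags.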
......@@ -44,4 +44,9 @@ class HTML::Pipeline::SanitizationFilterTest < Test::Unit::TestCase
stuff = '<a href="github-windows://spillthelog">Spill this yo</a> and so on'
assert_equal stuff, SanitizationFilter.call(stuff).to_s
end
def test_script_contents_are_removed
orig = '<script>JavaScript!</script>'
assert_equal "", SanitizationFilter.call(orig).to_s
end
end
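Review bot: `test_script_contents_are_removed` feeds input that consists of nothing but the script element, so it would also pass if the filter emptied the whole document. Add a case with surrounding markup, such as `<p>before</p><script>JavaScript!</script><p>after</p>`, and assert that the paragraphs survive while the script body is gone. A script tag carrying attributes (`<script type="text/javascript">`) would be worth covering too.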