Comments (7)
This sounds a lot like https://github.com/straight-shoota/sanitize
I published this as a shard for independent development and because of its complexity. I could see this shard (or a similar implementation) becoming a part of stdlib if we consider the use case to be very common. It's certainly a very important feature when you're dealing with untrusted HTML content.
An important aspect of such a security component is auditing. It would be devastating if a sanitization library becomes a liability (like the Python XSS example). So far, I'm not aware that my shard has received any relevant peer review.
from crystal.
Absolutely excellent, and I wish I'd been able to come across that in my searches.
from crystal.
Yeah, I guess there are quite a lot of different terms for this kind of thing. Probably because you can view and resolve the problem from different angles. So that's not ideal for search.
What did you look for and where? Maybe we can improve discoverability a bit.
from crystal.
I was focused on the keyword "striptags". I looked in the HTML parsing section of awesome-crystal, and I searched GitHub for `lang:Crystal striptags` -- which is where I came across the inner-text pattern in crinja I referenced.
from crystal.
Thanks. `lang:Crystal striptags` works now 😏
https://shardbox.org/categories/HTML_XML_Parsing would've brought you there as well.
from crystal.
I've forgotten about or never heard of shardbox.org, but that makes me realize that I would have found it with https://shards.info/search?query=html too.
from crystal.
This example is also similar to strip tags: https://github.com/kostya/lexbor/blob/master/examples/texts.cr
from crystal.