Clojure and me has moved.

Wednesday, April 22, 2009

Sanitizing HTML with Enlive

net.cgrand.enlive-html=> (sniptest "<div id=user-data>"
                           [:#user-data] (html-content "code injection<script>alert('boo')</script>")
                           [:#user-data (but #{:p :br :a :strong :em})] nil)
"<html><body><div id=\"user-data\">code injection</div></body></html>"
You would also need to remove most attributes, but this is just a demo of something that was impossible with the old Enlive.
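Here is the same whitelist idea carried one step further, as an added example that is not code from the post: disallowed elements are selected with `but` and set to nil exactly as above, and a second rule strips attributes from whatever survives. The tag and attribute whitelists and the href check are assumptions made for this demo, not part of Enlive.

```clojure
(ns sanitize-demo
  (:require [net.cgrand.enlive-html :as html]))

;; Added example, not from the original post.  The whitelists below and the
;; href check are assumptions chosen for this demo.

(def allowed-tags #{:p :br :a :strong :em})

;; Per-tag attribute whitelist; tags not listed keep no attributes at all,
;; which drops onclick=, style= and friends in one go.
(def allowed-attrs {:a #{:href}})

(defn- safe-href?
  "Only absolute http(s) URLs survive, so javascript: and data: links are dropped."
  [v]
  (boolean (re-matches #"(?i)https?://\S+" (str v))))

(defn- keep-allowed-attrs
  "Enlive transformation: keep only the attributes whitelisted for this tag."
  [node]
  (let [attrs (select-keys (:attrs node) (get allowed-attrs (:tag node) #{}))
        attrs (if (and (contains? attrs :href) (not (safe-href? (:href attrs))))
                (dissoc attrs :href)
                attrs)]
    (assoc node :attrs attrs)))

(defn sanitize
  "Parse untrusted HTML and return it as a string wrapped in <div id=\"user-data\">.
   Elements outside allowed-tags are removed together with their content (as in
   the post); attributes outside allowed-attrs are removed from the rest."
  [untrusted-html]
  (let [wrapper {:tag :div :attrs {:id "user-data"}
                 ;; parse the untrusted string into nodes (TagSoup, via Enlive)
                 :content (html/html-snippet untrusted-html)}]
    (apply str
           (html/emit*
            (html/at wrapper
              ;; same selector shape as the post: descendants of #user-data
              ;; that are not whitelisted tags are dropped
              [:#user-data (html/but allowed-tags)] nil
              ;; then strip attributes from the elements that survived
              [:#user-data :*] keep-allowed-attrs)))))

(comment
  ;; constructed sample input
  (sanitize "code injection<script>alert('boo')</script>
             <a href=\"javascript:alert(1)\" onclick=\"doSomething()\">link</a>
             <a href=\"https://example.com/\">ok</a>"))
```

Because the whitelist is applied as selectors, there is no parsing of the untrusted string by hand: whatever TagSoup turns the input into is walked as nodes, which is why this was not possible before the new Enlive's selector model.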

By the way, the old Enlive is no more. Long live the new Enlive!
