net.cgrand.enlive-html=> (sniptest "<div id=user-data>"
  [:#user-data] (html-content "code injection<script>alert('boo')</script>")
  [:#user-data (but #{:p :br :a :strong :em})] nil)
"<html><body><div id=\"user-data\">code injection</div></body></html>"

You also need to remove most attributes but it's just a demo of something that was impossible with the old Enlive.
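The attribute caveat, worked through as an added example (not code from the original post): the same whitelist rules plus a third rule that strips attributes from the elements that survive. The names `allowed-tags`, `safe-href?`, `strip-attrs` and `render-user-data`, and the policy of keeping only http(s) `href` values on `<a>`, are assumptions made for this illustration.

```clojure
(ns example.user-data
  (:require [clojure.string :as str]
            [net.cgrand.enlive-html :as h]))

;; Same element whitelist as the snippet in the post.
(def allowed-tags #{:p :br :a :strong :em})

(defn safe-href?
  "Assumed policy: only absolute http(s) links are kept.
  Anything else (javascript:, data:, relative URLs) is dropped."
  [href]
  (boolean (and (string? href)
                (re-find #"(?i)^https?://" (str/trim href)))))

(defn strip-attrs
  "Enlive transformation (node -> node): removes every attribute,
  keeping href on <a> only when it passes safe-href?.
  This drops style, class, id and all on* event handlers."
  [node]
  (let [href (get-in node [:attrs :href])]
    (assoc node :attrs
           (if (and (= :a (:tag node)) (safe-href? href))
             {:href (str/trim href)}
             {}))))

(defn render-user-data
  "Parses untrusted markup into #user-data, removes every element
  outside the whitelist (together with its children), then strips
  attributes from the whitelisted elements that remain."
  [untrusted]
  (h/sniptest "<div id=user-data>"
    [:#user-data] (h/html-content untrusted)
    [:#user-data (h/but allowed-tags)] nil
    [:#user-data allowed-tags] strip-attrs))

(comment
  ;; Constructed sample input: one link with an event handler and a
  ;; javascript: URL, one plain http link, one script element.
  (render-user-data
    (str "<p onclick=\"x()\">hi <a href=\"javascript:x()\" style=\"a\">bad</a> "
         "<a href=\"http://example.com/\" onmouseover=\"x()\">ok</a></p>"
         "<script>alert('boo')</script>")))
```

Because the second rule removes a non-whitelisted element with its whole subtree, whitelisted elements nested inside a removed element (for example a `<p>` inside a `<table>`) are dropped as well.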
By the way, the old Enlive is no more. Long live the new Enlive!