Sanitizing HTML with Enlive

enlive — cgrand, 22 April 2009 @ 11 h 35 min
net.cgrand.enlive-html=> (sniptest "<div id=user-data>" 
  [:#user-data] (html-content "code injection<script>alert('boo')</script>") 
  [:#user-data (but #{:p :br :a :strong :em})] nil)
"<html><body><div id=\"user-data\">code injection</div></body></html>"

You also need to remove most attributes but it’s just a demo of something that was impossible with the old Enlive.

By the way, the old Enlive is no more. Long live the new Enlive!

0 Comments »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a comment

(c) 2017 Clojure and me | powered by WordPress with Barecity