Sanitizing HTML with Enlive

enlive — cgrand, 22 April 2009 @ 11 h 35 min
net.cgrand.enlive-html=> (sniptest "<div id=user-data>" 
  [:#user-data] (html-content "code injection<script>alert('boo')</script>") 
  [:#user-data (but #{:p :br :a :strong :em})] nil)
"<html><body><div id=\"user-data\">code injection</div></body></html>"

You would also need to remove most attributes, but this is just a demo of something that was impossible with the old Enlive.
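One way to add the attribute filtering mentioned above. This is an added example, not code from the original post. It goes one step beyond the post by also checking the scheme of `href`. The names `allowed-attrs`, `safe-href?`, `strip-attrs` and `sanitize`, the attribute allowlist and the permitted URL schemes are all assumptions.

```clojure
(ns sanitize-demo
  (:require [net.cgrand.enlive-html :as h]))

;; Tag allowlist from the post.
(def allowed-tags #{:p :br :a :strong :em})

;; Assumption: per-tag attribute allowlist; every other attribute is dropped.
(def allowed-attrs {:a #{:href}})

;; Assumption: only absolute http(s) and mailto links are kept. Anchoring at
;; the first character also rejects values padded with leading whitespace.
(defn safe-href? [v]
  (boolean (re-find #"(?i)^(?:https?|mailto):" (str v))))

(defn strip-attrs
  "Enlive transformation: keep only allowlisted attributes on an element."
  [node]
  (let [allowed (get allowed-attrs (:tag node) #{})
        keep?   (fn [[k v]]
                  (and (contains? allowed k)
                       (or (not= k :href) (safe-href? v))))]
    (assoc node :attrs (into {} (filter keep? (:attrs node))))))

(defn sanitize
  "Returns the rendered #user-data container holding the sanitized markup."
  [untrusted-html]
  (h/sniptest "<div id=user-data>"
    [:#user-data] (h/html-content untrusted-html)
    ;; Same rule as the post: drop every element outside the tag allowlist,
    ;; together with its whole subtree.
    [:#user-data (h/but allowed-tags)] nil
    ;; Then filter the attributes of the elements that survived.
    [:#user-data allowed-tags] strip-attrs))

;; Constructed sample input.
(sanitize (str "<p onclick=\"x()\">hi <a href=\"javascript:x()\" style=\"s\">a</a> "
               "<a href=\"https://example.com/\">b</a><script>x()</script></p>"))
```

Because both lists are allowlists, a tag or attribute that is not named is removed by default, so new markup features fail closed.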

By the way, the old Enlive is no more. Long live the new Enlive!

