Clojure and me » Search Results » Sanitizing HTML with Enlive

»When the pupil is ready to learn, a teacher will appear.

Sanitizing HTML with Enlive

enlive — cgrand, 22 April 2009 @ 11 h 35 min

net.cgrand.enlive-html=> (sniptest "&lt;div id=user-data>" 
  [:#user-data] (html-content "code injection&lt;script>alert('boo')&lt;/script>") 
  [:#user-data (but #{:p :br :a :strong :em})] nil)
"&lt;html>&lt;body>&lt;div id=\"user-data\">code injection&lt;/div>&lt;/body>&lt;/html>"

You also need to remove most attributes but it’s just a demo of something that was impossible with the old Enlive.

By the way, the old Enlive is no more. Long live the new Enlive!

Comments (5)