diff --git a/bristlecode.rb b/bristlecode.rb
index 0a06660..1ed7209 100644
--- a/bristlecode.rb
+++ b/bristlecode.rb
@@ -3,11 +3,25 @@ require 'sanitize'
module Bristlecode
+ Config = Sanitize::Config::freeze_config(
+ :elements => %w[b em i strong u a strike br],
+ :attributes => {
+ 'a' => ['href']
+ },
+ :add_attributes => {
+ 'a' => {'rel' => 'nofollow'}
+ },
+ :protocols => {
+ 'a' => {'href' => ['http', 'https', :relative]}
+ }
+ )
+
def Bristlecode.to_html(text)
parser = Bristlecode::Parser.new
parse_tree = parser.parse(text)
tree = Bristlecode::Transform.new.apply(parse_tree)
- tree.to_html
+ html = tree.to_html
+ Sanitize.fragment(html, Bristlecode::Config)
end
def Bristlecode.clean(text)
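Review bot: The new `Config` allowlist (L7–L18) carries no comment stating the output contract it changes, and the spec hunk for parser_spec.rb below drops the `'`/`"`/`/` expectations rather than replacing them, so the removed assertions suggest quotes and slashes are no longer entity-encoded (Sanitize re-serializes text nodes, escaping `&`, `<` and `>`), yet this is recorded nowhere in the code. I'd add above the constant: `# Allowlist applied to the transformed HTML in to_html; Sanitize re-serializes the fragment, so text is escaped by its serializer (& < >) rather than by the transform — quotes and '/' are no longer entity-encoded.` Two smaller points: `Sanitize::Config::freeze_config(` calls a method through `::`, where `Sanitize::Config.freeze_config(` with `elements:`-style keys is the conventional form; and `:relative` in the `href` protocols also admits scheme-less `//host` URLs as relative, which deserves a comment if protocol-relative links to other hosts are unwanted (confirm against the Sanitize version in use). `Bristlecode.clean` continues outside the hunk.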
diff --git a/spec/bristlecode/parser_spec.rb b/spec/bristlecode/parser_spec.rb
index 02a488d..07a1e75 100644
--- a/spec/bristlecode/parser_spec.rb
+++ b/spec/bristlecode/parser_spec.rb
@@ -21,9 +21,6 @@ module Bristlecode
expect(to_html('&')).to eq('&')
expect(to_html('>')).to eq('>')
expect(to_html('<')).to eq('<')
- expect(to_html("'")).to eq(''')
- expect(to_html('"')).to eq('"')
- expect(to_html('/')).to eq('/')
end
it 'handles plain text just fine' do
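Review bot: Deleting the `'`, `"` and `/` expectations at L37–L39 removes coverage of text escaping instead of pinning the new behaviour, so a later change to the sanitizer config or the transform could regress it silently. Replace the three removed lines with expectations matching what `to_html` now emits for those characters, e.g. `expect(to_html("'")).to eq(<current output>)`, keeping the `&`/`<`/`>` cases as they are. The enclosing `it` block opens outside the hunk.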
@@ -57,23 +54,23 @@ module Bristlecode
it 'can render simple links' do
input = '[url]http://example.com[/url]'
- output = 'http://example.com'
+ output = 'http://example.com'
expect(to_html(input)).to eq(output)
input = '[url] http://example.com [/url]'
- output = 'http://example.com'
+ output = 'http://example.com'
expect(to_html(input)).to eq(output)
end
it 'passes simple url contents opaquely' do
input = '[url]http://x[b]y[/b]z[/url]'
- output = 'http://x[b]y[/b]z'
+ output = 'http://x[b]y[/b]z'
expect(to_html(input)).to eq(output)
end
it 'handles urls with titles' do
input = '[url=http://google.com]the google[/url]'
- output = 'the google'
+ output = 'the google'
expect(to_html(input)).to eq(output)
end