From 27f5f0bd2dec2874955b7db66c7bffdc02752332 Mon Sep 17 00:00:00 2001
From: Greg Weber
Date: Mon, 1 Nov 2010 16:27:03 -0700
Subject: [PATCH] sanitize now the preferred name over sanitizeXSS
---
 README.md | 4 ++--
 Text/HTML/SanitizeXSS.hs | 6 +++++-
 test.hs | 2 +-
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 618cc91..e0f31eb 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 Summary
 =======
 provides 2 functions in the module Text.HTML.SanitizeXSS
-* sanitizeXSS - filters html to prevent XSS attacks.
-* sanitizeBalance - same as sanitizeXSS but makes sure there are no lone closing tags - this could prevent a user's html from messing up your page
+* sanitize - filters html to prevent XSS attacks.
+* sanitizeBalance - same as sanitize but makes sure there are no lone closing tags - this could prevent a user's html from messing up your page
 Use Case
 ========
diff --git a/Text/HTML/SanitizeXSS.hs b/Text/HTML/SanitizeXSS.hs
index e168ec6..a94aa5f 100644
--- a/Text/HTML/SanitizeXSS.hs
+++ b/Text/HTML/SanitizeXSS.hs
@@ -1,6 +1,7 @@
 module Text.HTML.SanitizeXSS
- ( sanitizeXSS
+ ( sanitize
 , sanitizeBalance
+ , sanitizeXSS
 ) where
 import Text.HTML.TagSoup
@@ -15,6 +16,9 @@ import Codec.Binary.UTF8.String ( encodeString )
 import qualified Data.Map as Map
 -- | santize the html to prevent XSS attacks. See README.md for more details
+sanitize = sanitizeXSS
+
+-- alias of sanitize function
 sanitizeXSS :: String -> String
 sanitizeXSS = renderTagsOptions renderOptions { optMinimize = \x -> x `elem` ["br","img"] -- converts to , converts to
diff --git a/test.hs b/test.hs
index 81e9901..6ba0774 100644
--- a/test.hs
+++ b/test.hs
@@ -8,4 +8,4 @@ test actual expected = do
 main = do
 test (sanitizeBalance testHTML) " safeanchor
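Review bot: The exported `sanitize` added in the second hunk of Text/HTML/SanitizeXSS.hs has no type signature, and the existing `-- |` Haddock comment now sits above it while the still-exported `sanitizeXSS` is left with a plain `--` comment that Haddock does not pick up. As `sanitize` becomes the name callers are told to use for filtering untrusted HTML, I would add `sanitize :: String -> String` above the binding and write the new comment as `-- | alias of 'sanitize'` so both exports stay documented. If the old name is meant to be phased out (only inferred from the commit subject), a `{-# DEPRECATED sanitizeXSS "use sanitize" #-}` pragma would surface that to callers at compile time. The body of `sanitizeXSS` continues past the end of the hunk.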
Unbalanced
"
- test (sanitizeXSS testHTML) " safeanchor
Unbalanced"
+ test (sanitize testHTML) " safeanchor
Unbalanced"