Add prune flag to PermitScrubber

By default PermitScrubber leaves behind inner content when scrubbing a
node. Setting the `prune` flag will remove the node *and* its content.

Author: seyerian

lib/rails/html/sanitizer.rb

@@ -104,11 +104,13 @@ class SafeListSanitizer < Sanitizer
       class << self
         attr_accessor :allowed_tags
         attr_accessor :allowed_attributes
+        attr_accessor :prune
       end
       self.allowed_tags = Set.new(%w(strong em b i p code pre tt samp kbd var sub
         sup dfn cite big small address hr br div span h1 h2 h3 h4 h5 h6 ul ol li dl dt dd abbr
         acronym a img blockquote del ins))
       self.allowed_attributes = Set.new(%w(href src width height alt cite datetime title class name xml:lang abbr))
+      self.prune = false
 
       def initialize
         @permit_scrubber = PermitScrubber.new
@@ -123,9 +125,10 @@ def sanitize(html, options = {})
         if scrubber = options[:scrubber]
           # No duck typing, Loofah ensures subclass of Loofah::Scrubber
           loofah_fragment.scrub!(scrubber)
-        elsif allowed_tags(options) || allowed_attributes(options)
+        elsif allowed_tags(options) || allowed_attributes(options) || prune(options)
           @permit_scrubber.tags = allowed_tags(options)
           @permit_scrubber.attributes = allowed_attributes(options)
+          @permit_scrubber.prune = prune(options)
           loofah_fragment.scrub!(@permit_scrubber)
         else
           remove_xpaths(loofah_fragment, XPATHS_TO_REMOVE)
@@ -148,6 +151,10 @@ def allowed_tags(options)
       def allowed_attributes(options)
         options[:attributes] || self.class.allowed_attributes
       end
+
+      def prune(options)
+        options.key?(:prune) ? options[:prune] : self.class.prune
+      end
     end
 
     WhiteListSanitizer = SafeListSanitizer

lib/rails/html/scrubbers.rb

@@ -45,10 +45,12 @@ module Html
     # See the documentation for +Nokogiri::XML::Node+ to understand what's possible
     # with nodes: https://nokogiri.org/rdoc/Nokogiri/XML/Node.html
     class PermitScrubber < Loofah::Scrubber
+      attr_accessor :prune
       attr_reader :tags, :attributes
 
       def initialize
         @direction = :bottom_up
+        @prune = false
         @tags, @attributes = nil, nil
       end
 
@@ -98,7 +100,7 @@ def keep_node?(node)
       end
 
       def scrub_node(node)
-        node.before(node.children) # strip
+        node.before(node.children) unless prune # strip
         node.remove
       end
 

test/sanitizer_test.rb

@@ -249,6 +249,20 @@ def test_custom_attributes_overrides_allowed_attributes
     end
   end
 
+  def test_setting_default_prune_affects_sanitization
+    scope_prune true do |sanitizer|
+      input = '<u>leave me <b>now</b></u>'
+      assert_equal '<u>leave me </u>', sanitizer.sanitize(input, tags: %w(u))
+    end
+  end
+
+  def test_custom_prune_overrides_default_prune
+    scope_prune true do |sanitizer|
+      input = '<u>leave me <b>now</b></u>'
+      assert_equal '<u>leave me now</u>', sanitizer.sanitize(input, tags: %w(u), prune: false)
+    end
+  end
+
   def test_should_allow_custom_tags
     text = "<u>foo</u>"
     assert_equal text, safe_list_sanitize(text, tags: %w(u))
@@ -616,6 +630,14 @@ def scope_allowed_attributes(attributes)
     Rails::Html::SafeListSanitizer.allowed_attributes = old_attributes
   end
 
+  def scope_prune(prune)
+    old_prune = Rails::Html::SafeListSanitizer.prune
+    Rails::Html::SafeListSanitizer.prune = prune
+    yield Rails::Html::SafeListSanitizer.new
+  ensure
+    Rails::Html::SafeListSanitizer.prune = old_prune
+  end
+
   # note that this is used for testing CSS hex encoding: \\[0-9a-f]{1,6}
   def convert_to_css_hex(string, escape_parens=false)
     string.chars.map do |c|

test/scrubbers_test.rb

@@ -66,6 +66,13 @@ def test_leaves_only_supplied_tags
     assert_scrubbed html, '<tag>leave me now</tag>'
   end
 
+  def test_prunes_tags
+    html = '<tag>leave me <span>now</span></tag>'
+    @scrubber.tags = %w(tag)
+    @scrubber.prune = true
+    assert_scrubbed html, '<tag>leave me </tag>'
+  end
+
   def test_leaves_comments_when_supplied_as_tag
     @scrubber.tags = %w(div comment)
     assert_scrubbed('<div>one</div><!-- two --><span>three</span>',