does know method identify inline javascript event-handler nokogiri or else?
i'd extract onload="alert('page loaded');"
tag:
<body onload="alert('page loaded');"> </body>
i need generic method can identify javascript event handlers.
edit :
i need prevent users recording inline javascript event-handler within wysiwyg (tinymce) form.
for now, gsub :
self.description.gsub(/onafterprint/i, '****') self.description.gsub(/onbeforeprint/i, '****') self.description.gsub(/onbeforeunload/i, '****') ...
this not smart... wondering if possible nokogiri? more usefull , faster ?
i allready know how find doc's attribute nokogiri (maybe not best method)
html_doc.xpath('//@*').each |e| puts e.name # need : e.remove if e.javascript_event_handler? end
my main question how match every existing inline javascript event-handler. don't seems generic method exists. wrong ?
may can you:
//body[contains(@onload,'alert')]
Comments
Post a Comment