The Whitewash module allows Ruby programs to clean up any HTML document or fragment coming from an untrusted source, removing all dangerous constructs that could be used for cross-site scripting or cross-site request forgery. Every HTML tag, attribute name and value, and CSS property is filtered through a whitelist that defines which names are allowed and what kinds of values they may carry; anything that does not match the whitelist is removed. The whitelist is supplied externally; by default it is loaded from the whitelist.yaml shipped with Whitewash. The default whitelist is deliberately the strictest one (for example, it does not allow cross-site links to images in IMG tags) and can be considered safe for all uses.
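To make the whitelist approach concrete, below is an added, self-contained Ruby sanitizer written in the same spirit. It is example code for this page, not Whitewash's own implementation and not its whitelist.yaml: the tag, attribute and CSS rules, the helper names (`sanitize`, `render`, `filter_attrs`, `filter_css`) and the sample input are all assumed. It uses the REXML parser bundled with Ruby so that it runs offline, which means it only accepts well-formed markup and rejects anything else outright; Whitewash's actual parsing and error handling are not reproduced here.

```ruby
require 'rexml/document'

# Assumed whitelist, hand-written for this example (not Whitewash's
# whitelist.yaml). Each tag maps to the attributes it may carry; each
# attribute maps to the pattern its value must match, or to :css for a
# style declaration that is filtered property by property.
TAGS = {
  'p'    => {},
  'b'    => {},
  'i'    => {},
  'br'   => {},
  'a'    => { 'href' => %r{\A(?:https?://|/|#)[^"<>\s]*\z}i },
  # Same-site images only: mirrors the strict default described above.
  'img'  => { 'src' => %r{\A/[^"<>\s]*\z}, 'alt' => /\A[^"<>]*\z/ },
  'span' => { 'style' => :css },
}.freeze

# Tags serialized without a closing tag.
VOID = %w[img br].freeze

# Assumed CSS property whitelist: property name => allowed value pattern.
CSS = {
  'color'       => /\A#[0-9a-f]{3}(?:[0-9a-f]{3})?\z/i,
  'font-weight' => /\A(?:bold|normal)\z/,
}.freeze

# Re-escape text and attribute values on output; REXML hands us decoded values.
def escape(s)
  s.gsub('&', '&amp;').gsub('<', '&lt;').gsub('>', '&gt;').gsub('"', '&quot;')
end

# Keep only whitelisted CSS properties whose values match their pattern.
# Unknown properties and anything like url(...) or expression(...) are dropped
# because no pattern admits them.
def filter_css(style)
  style.split(';').filter_map do |decl|
    prop, value = decl.split(':', 2)
    prop = prop.to_s.strip.downcase
    value = value.to_s.strip
    "#{prop}: #{value}" if CSS[prop] && value.match?(CSS[prop])
  end.join('; ')
end

# Serialize only the attributes the whitelist allows for this tag, and only
# when their (filtered) value is acceptable.
def filter_attrs(tag, element)
  out = +''
  element.attributes.each do |name, value|
    name = name.downcase
    rule = TAGS[tag][name]
    next if rule.nil?
    clean = rule == :css ? filter_css(value) : (value if value.match?(rule))
    out << %( #{name}="#{escape(clean)}") unless clean.nil? || clean.empty?
  end
  out
end

def render(node)
  case node
  when REXML::Text
    escape(node.value)
  when REXML::Element
    tag = node.name.downcase
    return '' unless TAGS.key?(tag) # unknown element: dropped with its subtree
    attrs = filter_attrs(tag, node)
    return "<#{tag}#{attrs}>" if VOID.include?(tag)
    inner = node.children.map { |c| render(c) }.join
    "<#{tag}#{attrs}>#{inner}</#{tag}>"
  else
    '' # comments, processing instructions and similar never survive
  end
end

# Sanitize an HTML fragment: parse it inside a wrapper element, walk the tree
# and re-serialize only what the whitelist permits. Malformed markup is
# rejected outright (empty result) rather than guessed at.
def sanitize(fragment)
  doc = REXML::Document.new("<root>#{fragment}</root>")
  doc.root.children.map { |c| render(c) }.join
rescue REXML::ParseException
  ''
end

if __FILE__ == $0
  # Constructed sample input for the demonstration.
  dirty = '<p onclick="steal()">Hi <b>there</b> ' \
          '<a href="javascript:alert(1)">x</a> ' \
          '<a href="https://example.org/">ok</a> ' \
          '<img src="http://evil.example/t.gif"/> ' \
          '<span style="color:#f00; background:url(http://evil.example/)">red</span>' \
          '<script>alert(1)</script></p>'
  puts sanitize(dirty)
end
```

Two design points carry over from the approach described above: attribute values are checked against a per-attribute pattern rather than merely by name, which is what stops `javascript:` URLs and off-site image fetches, and CSS is whitelisted per property so that `url()` or `expression()` can never reach the output. A production sanitizer needs a real HTML parser (tolerant of unclosed tags and HTML entities); rejecting malformed input, as this example does, is the safe fallback when the parser cannot be sure what the browser would see.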
Samizdat versions 0.6.1 and below suffer from a persistent (stored) cross-site scripting vulnerability.