Extracted the xpath removals into some new API that allows users to remove xpath subtrees.

actionview/lib/action_view/helpers/sanitize_helper/sanitizers.rb

@@ -49,8 +49,7 @@ def sanitize(html, options = {})
         @permit_scrubber.attributes = options[:attributes]
         loofah_fragment.scrub!(@permit_scrubber)
       else
-        loofah_fragment.xpath("./script").each { |script| script.remove }
-        loofah_fragment.xpath("./form").each { |form| form.remove }
+        remove_xpaths(loofah_fragment, %w(./script ./form))
         loofah_fragment.scrub!(:strip)
       end
       loofah_fragment.to_s
@@ -60,6 +59,13 @@ def sanitize_css(style_string)
       Loofah::HTML5::Scrub.scrub_css style_string
     end
 
+    def remove_xpaths(html, *xpaths)
+      html = Loofah.fragment(html) unless html.is_a? Nokogiri::XML::DocumentFragment
+      xpaths.each do |xpath|
+        html.xpath(xpath).each { |subtree| subtree.remove }
+      end
+    end
+
     def protocol_separator
       self.class.protocol_separator
     end