Created
February 18, 2009 15:10
-
-
Save bensie/66376 to your computer and use it in GitHub Desktop.
Rails sanitize() method usage
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Add safe tags to sanitize method | |
Rails::Initializer.run do |config| | |
config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td' | |
config.action_view.sanitized_allowed_attributes = 'id', 'class', 'style' | |
end |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tags = %w(a acronym b strong i em li ul ol h1 h2 h3 h4 h5 h6 blockquote br cite sub sup ins p) | |
s = sanitize(user_input, :tags => tags, :attributes => %w(href title)) | |
# http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#M001588 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment