Now I have run into a stupid situation: I want the users to be able to use Textile, but they should not mess around with my valid HTML, so I have to avoid HTML in any way.
- html_escape(textilize(" foo")) will break Textile
- textilize(html_escape("</body> Foo")) will work, but breaks various Textile features such as links (like "link name":http://www.wheretogo.com/), because the quote becomes &quot; and thus is no longer recognized by Textile.
- Syntax does not work better.
Any suggestions on that? I would not like to use clean for this problem. Thanks in advance.
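For those who run into the same problem: if you are using the RedCloth gem, simply define your own method (in one of your helpers):

    require 'redcloth'  # not needed where Bundler already loads the gem

    def secure_textile(s)
      if s && s.respond_to?(:to_s)
        doc = RedCloth.new(s.to_s)
        doc.filter_html = true  # see the documentation excerpt below
        doc.to_html
      end
    end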
Excerpt from the documentation:

Accessors for setting security restrictions.

This is a nice thing if you are using RedCloth for formatting in public places (like wikis) where you do not want users to abuse HTML for bad things.

If filter_html is set, HTML which was not created by the Textile processor will be escaped. Alternatively, if sanitize_html is set, HTML can pass through the Textile processor but unauthorized tags and attributes will be removed.
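The ordering problem from the question, and the idea of escaping inside the processor, as an added example that is not part of the original post or of RedCloth's code. `toy_textilize`, `LINK` and `escape_inside` are hypothetical stand-ins that handle only the link syntax, and the http(s)-only check is an extra assumption of this example.

```ruby
require 'erb'

# The same escaping the question's html_escape helper performs.
def html_escape(s)
  ERB::Util.html_escape(s)
end

# Toy stand-in for a Textile processor: it knows only "text":url links.
# Assumption for illustration; RedCloth's real parser does far more.
LINK = /"([^"]+)":(\S+)/

def toy_textilize(src)
  src.gsub(LINK) { %(<a href="#{$2}">#{$1}</a>) }
end

# Order 1: escape the processor's output; the generated markup is escaped too.
def escape_after(src)
  html_escape(toy_textilize(src))
end

# Order 2: escape first; " is now &quot;, so the link syntax no longer matches.
def escape_before(src)
  toy_textilize(html_escape(src))
end

# Escaping inside the processor: user text is escaped piece by piece,
# markup the processor generates itself is emitted as-is.
def escape_inside(src)
  out = +''
  pos = 0
  src.scan(LINK) do
    m = Regexp.last_match
    out << html_escape(src[pos...m.begin(0)])
    if m[2].match?(%r{\Ahttps?://}i) # only http(s) targets become links
      out << %(<a href="#{html_escape(m[2])}">#{html_escape(m[1])}</a>)
    else
      out << html_escape(m[0])
    end
    pos = m.end(0)
  end
  out << html_escape(src[pos..-1])
end

# Constructed sample input, built from the strings in the question.
SAMPLE = %(</body> see "link name":http://www.wheretogo.com/)

puts escape_after(SAMPLE), escape_before(SAMPLE), escape_inside(SAMPLE)
```

Only the third output keeps the stray `</body>` escaped while still rendering the link.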