如何清除Rails中的ruby中的“内联JavaScript”?
[英]How to sanitize “inline javascript” in ruby on rails?
问题描述
I am specifically developing an app in ruby on rails and i find that the ruby gem "sanitize" is very useful for cleaning the input by user but it does not remove inline javascript which makes it rather useless 
我专门开发了一个在Rails上使用ruby的应用程序,我发现ruby gem“ sanitize”对于清理用户输入非常有用,但是它不会删除内联JavaScript,这使其变得毫无用处
I have gone through these but that does not sanitize inline javascript 我已经经历了这些,但是没有清理内联javascript
Is there any better to do this(any gems or so)? 有什么更好的办法(任何宝石左右)?
1 个解决方案
解决方案1
1 2012-09-21 07:07:18
Well you can set a whitelist for sanitize to only allow specific tags and attributes, so i guess you already got what you are looking for: 好吧,您可以为清除设置白名单,只允许特定的标签和属性,所以我想您已经找到了想要的东西:
Sanitize.clean(html, :elements => ['a', 'span'],
:attributes => {'a' => ['href', 'title'], 'span' => ['class']},
:protocols => {'a' => {'href' => ['http', 'https', 'mailto']}})
Snipped from http://wonko.com/post/sanitize 摘自http://wonko.com/post/sanitize
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.