Rails render raw html but escape javascript?
Question
So I have some user generated content areas of my site. I want them to be able to use html for markup purposes, but I don't want them to be able to execute any arbitrary javascript.
From my understanding raw() will just output everything, html, javascript, and all right into the webpage.
Is there a method that will allow raw rendering of html but not allow rendering of javascript?
1 answers
solution1
1 ACCPTED 2011-08-10 06:26:11
Have a look at sanitize .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.
Related Question
render html from javascript rails
Rails partial html escape
How to render a raw HTML on Angular
How to render raw html in freemarker?
How to render raw html with AngularJS?
How do you escape raw HTML in Go?
Escape HTML and Javascript tags
Correct way to escape this HTML in Rails
Rails: How to call a Javascript function from HTML in render :pdf
Rails and html - style fontawesome in raw
Related Tags