I installed Redcloth into my app so that it could use Textile.
However, it seems that textilize (the function used to parse the
Textile stuff) and h aren’t compatible. If I do <%= textilize h
@mymessage %> it doesn’t work. If I take out the h it works but then I
leave myself open to XSS. Is there a way to get around this?
Essentially I was trying to allow users to do basic HTML functions and
weed out javascript.
That doesn’t work since textilize parses it into html and then h will,
of course, take those away. Anyways I found a solution to my problem.
It seems that you shouldn’t use textilize but just use RedCloth.new
(message, [:filter_html])