Forum: Ruby on Rails Rails sanitize method is stripping my anchors

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Fernando P. (Guest)
on 2009-01-24 18:22
Hi,

I have some html pages that are saved in DB and which require anchors
for quickly jumping inside the page. People can edit the page manually,
so in order to keep things clean I use Rails sanitize method to clean
the html before output. The problem is that it is stripping my anchors.

e.g: <h2 id='team'>Our Team</h2> becomes <h2>Our Team</h2>

How can I prevent sanitize from stripping the anchors? I have added "h2
id' to config.action_view.sanitized_allowed_tags but it did not work.
Fernando P. (Guest)
on 2009-01-24 19:03
Fernando P. wrote:
> Hi,
>
> I have some html pages that are saved in DB and which require anchors
> for quickly jumping inside the page. People can edit the page manually,
> so in order to keep things clean I use Rails sanitize method to clean
> the html before output. The problem is that it is stripping my anchors.
>
> e.g: <h2 id='team'>Our Team</h2> becomes <h2>Our Team</h2>
>
> How can I prevent sanitize from stripping the anchors? I have added "h2
> id' to config.action_view.sanitized_allowed_tags but it did not work.

By poking inside Rails' source code, I have found that you can allow
attributes with for instance:
config.action_view.sanitized_allowed_attributes = 'id'

This way now, I can allow to mix html and markdown for creating such
links.
This topic is locked and can not be replied to.