Forum: Ruby on Rails help with sanitizing html (comments in blog)

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- and Ruby-related community platforms.
Charlie B. (Guest)
on 2006-02-28 06:05
I've added this method in my model which is called with each save.  It
does a good job getting rid of html tags and then implementing RedCloth.
I'm very new at blogs so I'm not sure if this is adequate or not for
comments.  What do you think?  I would love to hear if this is safe,
unsafe, or just plain bad form.   Also, I don't think that RedCloth is
creating line breaks.  Please, all suggestions are welcome and

  def transform_comment
    # Escape the HTML-significant characters; '&' goes first so the entities added below are not re-escaped.
    self.comment = self.comment.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
    # Render the escaped text as Textile with RedCloth, with its own HTML filtering enabled too.
    self.comment = RedCloth.new(self.comment, [:filter_html]).to_html
  end

Charlie B.
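Added example (not code from the post): the escaping step from the method above, stand-alone in plain Ruby, next to the same substitutions in the wrong order to show why '&' has to be replaced first, and the stdlib CGI.escapeHTML equivalent. The sample comment is constructed; RedCloth is left out so it runs with no gems.

```ruby
require "cgi"

# Hand-rolled escaping in the order used in the post: ampersand first,
# so the entities introduced by the later steps are not re-escaped.
def escape_comment(text)
  text.to_s.gsub(/&/, "&amp;").gsub(/"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
end

# Same substitutions with the ampersand handled last: every entity the
# earlier steps produced gets double-encoded, a common escaping bug.
def escape_comment_wrong_order(text)
  text.to_s.gsub(/"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;").gsub(/&/, "&amp;")
end

# True when no raw tag delimiters survive in the escaped text.
def tags_neutralized?(text)
  !text.match?(/[<>]/)
end

if __FILE__ == $0
  # Constructed sample comment containing markup, a quote and an ampersand.
  comment = %(Nice post! <b>"Tom & Jerry"</b>)
  puts escape_comment(comment)             # &lt;b&gt;&quot;Tom &amp; Jerry&quot;&lt;/b&gt;
  puts escape_comment_wrong_order(comment) # double-encoded: &amp;lt;b&amp;gt;...
  puts CGI.escapeHTML(comment)             # same four characters, plus ' as &#39;
end
```

CGI.escapeHTML also escapes the single quote, which the hand-rolled chain leaves alone; that only matters if the comment ever ends up inside a single-quoted attribute.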
This topic is locked and can not be replied to.