Forum: Ruby on Rails help with sanitizing html (comments in blog)

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- and Ruby-related community platforms.
Charlie B. (Guest)
on 2006-02-28 06:05
I've added this method in my model which is called with each save. It
does a good job getting rid of HTML tags and then implementing RedCloth.
I'm very new at blogs so I'm not sure if this is adequate or not for
comments. What do you think? I would love to hear if this is safe,
unsafe, or just plain bad form. Also, I don't think that RedCloth is
creating line breaks. Please, all suggestions are welcome and
appreciated!

  def transform_comment
    # Escape '&' first so the entities produced below are not re-escaped.
    self.comment = self.comment.to_s.gsub(/&/, "&amp;").gsub(/\"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
    self.comment = RedCloth.new(self.comment, [:filter_html]).to_html
  end

Charlie B.
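The escaping step from the post, pulled out as an added example (not the poster's code) so the effect of the substitution order can be checked: with '&' handled first the output matches Ruby's standard CGI.escapeHTML for this input, while doing '&' last double-escapes every entity the earlier substitutions produced. SAMPLE_COMMENT is a constructed input; RedCloth is left out so the block runs without the gem.

```ruby
require 'cgi'

# Escape the four characters the post's gsub chain handles, in the post's
# order. '&' must go first: the later substitutions emit '&quot;', '&gt;'
# and '&lt;', which a trailing '&' pass would turn into '&amp;quot;' etc.
def escape_comment(text)
  text.to_s
      .gsub(/&/, "&amp;")
      .gsub(/"/, "&quot;")
      .gsub(/>/, "&gt;")
      .gsub(/</, "&lt;")
end

# Same substitutions with '&' done last, to make the double-escaping
# mistake that the post's ordering avoids visible.
def escape_comment_wrong_order(text)
  text.to_s
      .gsub(/"/, "&quot;")
      .gsub(/>/, "&gt;")
      .gsub(/</, "&lt;")
      .gsub(/&/, "&amp;")
end

# Constructed sample: a comment containing a tag, quotes and a bare '&'.
SAMPLE_COMMENT = '<script>alert("x")</script> Tom & Jerry'

# True when no raw '<', '>' or '"' survives escaping, i.e. nothing is left
# for the browser to parse as markup before RedCloth sees the text.
def markup_free?(text)
  text !~ /[<>"]/
end

if __FILE__ == $0
  puts escape_comment(SAMPLE_COMMENT)
  puts escape_comment_wrong_order(SAMPLE_COMMENT)
  puts CGI.escapeHTML(SAMPLE_COMMENT)
end
```

CGI.escapeHTML additionally turns a single quote into &#39;, so the two agree only on input without single quotes, as here.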