Allow HTML and Deny JavaScript

How to allow the HTML and Deny the JavaScript?

If you use the h tag:

<% for column in Post.content_columns %>

<%= column.human_name %>:
<%=h @post.send(column.name) %>

<% end %>

You are escaping of HTML and JS tags/commands.

How can I display only the HTML format?

Thank you!

You can ue something like
<%= sometextvarwithhtml.gsub(/<\sscript.?script\s*>/,’’) %>

But you still have to look for onClick="", and all other events that can
execute scripts in a page.

[email protected] wrote:

How to allow the HTML and Deny the JavaScript?

If you use the h tag:

<% for column in Post.content_columns %>

<%= column.human_name %>:
<%=h @post.send(column.name) %>

<% end %>

You are escaping of HTML and JS tags/commands.

How can I display only the HTML format?

Thank you!

Optionally you can also use some other Markup language like textile or
bbcode.

On 5/29/07, [email protected] [email protected] wrote:

<% end %>

You are escaping of HTML and JS tags/commands.

How can I display only the HTML format?

Thank you!

Rick O.'s White List
Helperhttp://svn.techno-weenie.net/projects/plugins/white_list/is
the way to go for this. It strips out anything that is not
specifically
allowed.

Daniel,
Sorry but I am starting with rails so I don’t know how to user this
helper
very well.
I already copied the helper file to app/helpers and into my view where
I
should to use <%=h @posts.content %> i used <%= white_list @post.content
%>
and got an error “NoMethodError in Posts#show”.
What is wrong?

Thank you!

On 5/29/07, Daniel N [email protected] wrote:

<% for column in Post.content_columns %>
Thank you!


Lucas Carvalho

Yes.
I just want to know how to install that.

On 6/5/07, Rick O. [email protected] wrote:

I


Lucas Carvalho

On Jun 5, 12:49 pm, “Lucas Carvalho” [email protected] wrote:

Daniel,
Sorry but I am starting with rails so I don’t know how to user this helper
very well.
I already copied the helper file to app/helpers and into my view where I
should to use <%=h @posts.content %> i used <%= white_list @post.content %>
and got an error “NoMethodError in Posts#show”.
What is wrong?

Did you restart your app? Do you see errors when you start your app
preventing the plugin from loading? Are you on a recent version of
rails?

I installed the plugin using
$ ruby script/plugin install “svn link”

And I just replace the tag h() for white_list, like i already said.

And I am getting this error:

NoMethodError in Posts#show

Showing app/views/posts/show.rhtml where line #4 raised:

undefined method `white_list’ for #<#Class:0xb708c5fc:0xb708c5d4>

Extracted source (around line #4):

1: <%=h @post.name %>
2:

3:

4: <%= white_list @post.content %>
5:
6:


7: Created at:

On 6/5/07, [email protected] [email protected] wrote:

I installed the plugin using
$ ruby script/plugin install “svn link”

And I just replace the tag h() for white_list, like i already said.

That’s all you need. So again:

Did you restart your app? Do you see errors when you start your app
preventing the plugin from loading? Are you on a recent version of
rails?


Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com

Now it is working.
I restarted my app. >.<
Thank you Rick!

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs