Allow HTML and Deny JavaScript

How can I allow HTML and deny JavaScript?

If you use the h tag:

<% for column in Post.content_columns %>

<%= column.human_name %>:
<%=h @post.send(column.name) %>

<% end %>

you are escaping HTML and JS tags/commands.

How can I display only the HTML formatting?

Thank you!

You can use something like
<%= sometextvarwithhtml.gsub(/<\s*script.*?script\s*>/mi, '') %>

But you still have to look for onClick="" and all the other events that can
execute scripts in a page.


Optionally, you can also use some other markup language like Textile or
BBCode.
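As an added example of the markup-language route (my own illustration, not Textile, BBCode or any library's code): a minimal BBCode-to-HTML converter. The module name TinyBBCode, its three-tag subset and the constructed sample post are assumptions for illustration. The security point is the order of operations: escape the whole string first, then translate a fixed set of bracket tags, so the only HTML that reaches the page is what this code emits; [url=...] still needs a scheme check, because the URL text survives escaping and ends up inside an href attribute.

```ruby
require 'cgi'

# Minimal BBCode-to-HTML converter (added illustration, not Textile, BBCode
# or any library's code). Input is HTML-escaped first, so the only markup
# that can reach the page is what this module emits.
module TinyBBCode
  SIMPLE_TAGS  = { 'b' => 'strong', 'i' => 'em', 'u' => 'u' }.freeze  # assumed subset
  SAFE_SCHEMES = %w[http https].freeze

  # [url=...] is the one place user text becomes an attribute value, so the
  # scheme is checked even though the text has already been escaped.
  def self.safe_url?(url)
    u = url.gsub(/[\x00-\x20]/, '').downcase
    return true unless u.include?(':')   # relative URL, no scheme
    SAFE_SCHEMES.any? { |s| u.start_with?("#{s}:") }
  end

  def self.to_html(text)
    html = CGI.escapeHTML(text)     # step 1: nothing the user typed is markup now
    SIMPLE_TAGS.each do |tag, el|   # step 2: translate a fixed set of [tags]
      html = html.gsub(/\[#{tag}\](.*?)\[\/#{tag}\]/mi, "<#{el}>\\1</#{el}>")
    end
    # step 3: [url=...]label[/url], emitting a link only for an allowed scheme
    html.gsub(/\[url=([^\]\s]+)\](.*?)\[\/url\]/mi) do
      href, label = Regexp.last_match(1), Regexp.last_match(2)
      safe_url?(href) ? %(<a href="#{href}">#{label}</a>) : label
    end
  end
end

# Constructed sample post: harmless formatting, a raw script tag and two URLs.
CONSTRUCTED_POST = "[b]Hi[/b] <script>alert(1)</script>\n" \
                   "[url=http://example.com/?a=1&b=2]site[/url] " \
                   "[url=javascript:alert(1)]click[/url]"

if __FILE__ == $0
  puts TinyBBCode.to_html(CONSTRUCTED_POST)
end
```

Because the ampersand in the query string is escaped before the [url] rule runs, the emitted href contains `&amp;`, which is the correct form inside an HTML attribute; the javascript: link degrades to its plain label.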

On 5/29/07, [email protected] [email protected] wrote:


Rick O.'s White List Helper http://svn.techno-weenie.net/projects/plugins/white_list/
is the way to go for this. It strips out anything that is not specifically
allowed.
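As an added example, not code from the white_list plugin and not the gsub reply above: a blacklist that strips script elements (the gsub approach) placed next to a small allow-list sanitizer of the kind Daniel recommends, both run over constructed inputs that include the onClick-style bypasses the earlier reply warns about. TinySanitizer, its tag and attribute lists, strip_script_tags and CONSTRUCTED_SAMPLES are my own names and assumptions. This sanitizer works with regexes over tag syntax rather than an HTML parser, so unlike a parser-based sanitizer it does not balance tags; it does show the property that matters here, that everything not explicitly allowed is dropped.

```ruby
require 'cgi'

# Blacklist in the spirit of the gsub reply above (added illustration):
# removes complete <script>...</script> elements and nothing else.
def strip_script_tags(html)
  html.gsub(/<\s*script\b.*?<\/script\s*>/mi, '')
end

# Allow-list sanitizer (my own minimal version, not the white_list plugin):
# every tag and attribute not named here is dropped, stray text is escaped.
module TinySanitizer
  ALLOWED_TAGS  = %w[p b i em strong a ul ol li br].freeze
  ALLOWED_ATTRS = { 'a' => %w[href title] }.freeze   # no on* handlers anywhere
  SAFE_SCHEMES  = %w[http https mailto].freeze

  # script/style bodies are code, not text: drop them together with the tags.
  RAW_BLOCK_RE = /<(?:script|style)\b[^>]*>.*?<\/(?:script|style)\s*>/mi
  TAG_RE       = /\A<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>\z/m
  ATTR_RE      = /([a-zA-Z][a-zA-Z0-9_:-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/m

  # Reject javascript:, data:, vbscript: and friends, including spellings
  # obfuscated with entities or embedded whitespace ("java&#09;script:").
  def self.safe_url?(url)
    u = CGI.unescapeHTML(url).gsub(/[\x00-\x20]/, '').downcase
    return true unless u.include?(':')   # relative URL, no scheme
    SAFE_SCHEMES.any? { |s| u.start_with?("#{s}:") }
  end

  def self.sanitize(html)
    html.gsub(RAW_BLOCK_RE, '').split(/(<[^>]*>)/).map do |piece|
      m = TAG_RE.match(piece)
      m ? rebuild_tag(m[1] == '/', m[2].downcase, m[3]) : escape_text(piece)
    end.join
  end

  # Decode first so existing entities are not double-escaped, then escape.
  def self.escape_text(text)
    CGI.escapeHTML(CGI.unescapeHTML(text))
  end

  def self.rebuild_tag(closing, name, raw_attrs)
    return '' unless ALLOWED_TAGS.include?(name)
    return "</#{name}>" if closing
    allowed = ALLOWED_ATTRS.fetch(name, [])
    attrs = raw_attrs.scan(ATTR_RE).each_with_object([]) do |(key, *vals), out|
      key   = key.downcase
      value = vals.compact.first.to_s
      next unless allowed.include?(key)
      next if key == 'href' && !safe_url?(value)
      out << %( #{key}="#{escape_text(value)}")
    end
    "<#{name}#{attrs.join}>"
  end
end

# Constructed inputs: a benign post plus the bypasses the thread warns about.
CONSTRUCTED_SAMPLES = [
  '<p>Hello <b>world</b></p>',
  '<script>alert(1)</script><p>after</p>',
  '<script>alert(1)',                                  # unclosed script element
  '<SCRIPT SRC=//evil.example/x.js></SCRIPT>',
  '<img src=x onerror="alert(1)">',                    # event handler, no script tag
  '<p onclick="alert(1)">text</p>',
  '<a href="javascript:alert(1)">click</a>',
  '<a href="java&#09;script:alert(1)">click</a>',      # entity-obfuscated scheme
  '<a href="https://example.com" title="t" onmouseover="x()">ok</a>',
].freeze

# Returns [input, blacklist output, allow-list output] for each sample.
def compare(samples = CONSTRUCTED_SAMPLES)
  samples.map { |s| [s, strip_script_tags(s), TinySanitizer.sanitize(s)] }
end

if __FILE__ == $0
  compare.each do |raw, black, white|
    puts "input:      #{raw}", "blacklist:  #{black}", "allow-list: #{white}", ''
  end
end
```

Running it shows the gap the gsub reply admits to: the blacklist leaves the onerror, onclick, onmouseover and javascript: samples untouched and misses an unclosed script tag, while the allow-list keeps only the tags and attributes it was told about and rejects the obfuscated scheme because it decodes entities before checking.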

Daniel,
Sorry, but I am starting with Rails so I don't know how to use this helper
very well.
I already copied the helper file to app/helpers, and in my view, where I
should use <%=h @post.content %>, I used <%= white_list @post.content %>
and got an error "NoMethodError in Posts#show".
What is wrong?

Thank you!

On 5/29/07, Daniel N [email protected] wrote:



Lucas Carvalho

Yes.
I just want to know how to install that.

On 6/5/07, Rick O. [email protected] wrote:


Lucas Carvalho

On Jun 5, 12:49 pm, “Lucas Carvalho” [email protected] wrote:


Did you restart your app? Do you see errors when you start your app that
prevent the plugin from loading? Are you on a recent version of Rails?

I installed the plugin using
$ ruby script/plugin install "svn link"

And I just replaced the h() tag with white_list, like I already said.

And I am getting this error:

NoMethodError in Posts#show

Showing app/views/posts/show.rhtml where line #4 raised:

undefined method `white_list' for #<#<Class:0xb708c5fc>:0xb708c5d4>

Extracted source (around line #4):

1: <%=h @post.name %>
2:
3:
4: <%= white_list @post.content %>
5:
6:
7: Created at:

On 6/5/07, [email protected] [email protected] wrote:

I installed the plugin using
$ ruby script/plugin install "svn link"

And I just replaced the h() tag with white_list, like I already said.

That’s all you need. So again:

Did you restart your app? Do you see errors when you start your app that
prevent the plugin from loading? Are you on a recent version of Rails?


Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com

Now it is working.
I restarted my app. >.<
Thank you Rick!