Hi there,
I have a forum which allow user to post comment.
For security reason, when user submit a new post , I will use h() to
escape
any html or javascript code.
Is there any function likes h(), which will escape most of the
html/javascript code,
but also keep some basic html elements like , ,
… so
that
user can post comment with some-html ?
Thanks.
Gary
“Gary L.” [email protected] writes:
Hi there,
I have a forum which allow user to post comment.
For security reason, when user submit a new post , I will use h() to escape
any html or javascript code.Is there any function likes h(), which will escape most of the
html/javascript code,
but also keep some basic html elements like , ,
… so that
user can post comment with some-html ?
sanitize
–
Surendra S.
http://ssinghi.kreeti.com, http://www.kreeti.com
Read my blog at: http://cuttingtheredtape.blogspot.com/
,----
| “All animals are equal, but some animals are more equal than others.”
| – Orwell, Animal Farm, 1945
`----
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs