Help with sanitizing html (comments in blog)


#1

I’ve added this method in my model which is called with each save. It
does a good job getting rid of html tags and then implementing RedCloth.
I’m very new at blogs so I’m not sure if this is adequate or not for
comments. What do you think? I would love to hear if this is safe,
unsafe, or just plain bad form. Also, I don’t think that RedCloth is
creating line breaks. Please, all suggestions are welcome and
appreciated!

def transform_comment
  # Escape the HTML metacharacters before handing the text to RedCloth.
  # '&' is replaced first so the entities added afterwards are not re-escaped.
  self.comment = self.comment.to_s.gsub(/&/, "&amp;").gsub(/"/, "&quot;")
                     .gsub(/>/, "&gt;").gsub(/</, "&lt;")
  self.comment = RedCloth.new(self.comment, [:filter_html]).to_html
end

Charlie B.
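As an added example that is not part of Charlie's post: the escaping half of the method, run on a constructed comment body, next to the standard-library equivalent (CGI.escapeHTML). It shows why the posted order of the gsub calls matters (escaping '&' last would double-encode the entities the other calls introduce) and that CGI.escapeHTML also covers the single quote, which the hand-rolled chain leaves alone. The RedCloth step is assumed unchanged and is left out so the block runs with the Ruby standard library alone.

```ruby
require 'cgi'

# Constructed sample: what an attacker-controlled comment body might look like.
# Not taken from the original post.
SAMPLE_COMMENT = %q{Nice post <script>alert("xss")</script> & "quotes" <b>bold</b>}

# The four-character gsub chain from the post, entities written out.
# '&' goes first; otherwise the '&' inside "&lt;" and "&gt;" would be
# escaped a second time.
def escape_by_hand(text)
  text.to_s
      .gsub(/&/, '&amp;')
      .gsub(/"/, '&quot;')
      .gsub(/>/, '&gt;')
      .gsub(/</, '&lt;')
end

# The same chain with '&' escaped last: the output is double-encoded and
# renders as literal "&lt;" in the browser instead of "<".
def escape_wrong_order(text)
  text.to_s
      .gsub(/</, '&lt;')
      .gsub(/>/, '&gt;')
      .gsub(/&/, '&amp;')
end

# Standard-library equivalent. CGI.escapeHTML escapes & < > " and also the
# single quote (as &#39;), which matters inside single-quoted attributes.
def escape_stdlib(text)
  CGI.escapeHTML(text.to_s)
end

# True when the escaped string can no longer open a tag or break out of a
# double-quoted attribute value.
def safe_for_html_text?(escaped)
  !escaped.match?(/[<>"]/)
end

if __FILE__ == $PROGRAM_NAME
  puts escape_by_hand(SAMPLE_COMMENT)
  puts escape_wrong_order(SAMPLE_COMMENT)
  puts escape_stdlib(SAMPLE_COMMENT)
end
```

On the sample input the hand-rolled chain and CGI.escapeHTML produce identical output; they only differ once a single quote appears, which is one reason to prefer the library call over maintaining the regex chain by hand.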