How to tackle <script> tag?

I have a text field that takes the Title of the post. But a colleague has
tried to insert JavaScript code with tag. How do I display
this as it is and not let it execute?

Thanks

You could escape the content via &lt;

or

you could use the ‘h’ or ‘sanitize’ methods in the template. << should
be automatic almost all of the time

h(str):

escapes all html

sanitize(str):

escapes script tags, form tags and JavaScript attributes (i.e.
onclick=“alert(‘hi’)”)

However, as of Rails 2.0 (maybe 1.2.4 even) sanitize can take parameters
to specify unique filter options.

Keynan P. wrote:

You could escape the content via &lt;

or

you could use the ‘h’ or ‘sanitize’ methods in the template. << should
be automatic almost all of the time

Could you please write some syntax?
Thanks
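
The syntax asked for above, as an added example that is not from any poster in this thread: it renders a title through an ERB template with and without `h`, using the `h` that Ruby's standard library provides in `ERB::Util`. The `View` class, the template strings and the sample title are constructed for illustration, and the templates assume a view where `<%= %>` does not escape on its own.

```ruby
require "erb"

# Constructed sample: a title like the one the colleague submitted.
TITLE = %q{<script>alert('hi')</script> My "first" post}

# Hypothetical view fragments. The first prints the title raw; the second
# passes it through h() both in element content and in an attribute value.
UNSAFE_VIEW = %q{<h1><%= title %></h1>}
SAFE_VIEW   = %q{<h1><%= h(title) %></h1><input name="title" value="<%= h(title) %>">}

# Minimal stand-in for a view context (hypothetical class, not Rails itself).
class View
  include ERB::Util   # provides h / html_escape
  attr_reader :title

  def initialize(title)
    @title = title
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

def render_title(template, title)
  View.new(title).render(template)
end

# True if the output still contains something a browser would parse
# as an opening script tag.
def contains_live_script?(html)
  !!(html =~ /<\s*script\b/i)
end

if __FILE__ == $0
  puts render_title(UNSAFE_VIEW, TITLE)  # script tag reaches the browser intact
  puts render_title(SAFE_VIEW, TITLE)    # tag is shown as text, quotes cannot close the attribute
end
```

`h` converts `&`, `<`, `>`, `"` and `'` to entities, so the title is displayed exactly as typed and the double quotes in it cannot end the `value` attribute early.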
