Is there a way I can take away JavaScript from a user input but let
them use HTML? Or rather, is there a built-in function that just takes
away and leaves all the other tags intact or would I have to
make one myself?
Mike C wrote:
> Is there a way I can take away JavaScript from a user input but let
> them use HTML? Or rather, is there a built-in function that just takes
> away and leaves all the other tags intact or would I have to
> make one myself?

You probably want sanitize:
http://api.rubyonrails.com/classes/ActionView/Helpers/SanitizeHelper.html#M000936
It will make JavaScript and forms innocuous leaving everything else
intact. You can easily customize it to suit your requirements.