Preventing Javascript but allowing HTML?

Is there a way I can take away Javascript from a user input but let
them use HTML? Or rather, is there a built in function that just takes
away and leaves all the other tags intact or would I have to
make one myself?

Mike C wrote:

Is there a way I can take away Javascript from a user input but let
them use HTML? Or rather, is there a built in function that just takes
away and leaves all the other tags intact or would I have to
make one myself?

You probably want sanitize:

http://api.rubyonrails.com/classes/ActionView/Helpers/SanitizeHelper.html#M000936

It will make JavaScript and forms innocuous leaving everything else
intact. You can easily customize it to suit your requirements.
