Catalin

Reputation: 851

How do I get started with the Rails gem sanitize? I'm not able to make its quick start example work.

I'm trying to sanitize some of the content inserted by my app's users using a rich text editor.

I have installed the sanitize gem via `bundle install`, and it appears in the list of installed gems. I then added `require 'sanitize'` in application_controller.rb.

I added this test code in one of my views: `<%= Sanitize.fragment('<p>1st <strong>sanitized </strong>comment</p>', Sanitize::Config::RELAXED) %>`, but the output is `<p>1st <strong>sanitized </strong>comment</p>`, and I have no idea why, or how to figure out what's wrong with it.

Upvotes: 0

Views: 1161

Answers (1)

SteveTurczyn

Reputation: 36860

There's nothing wrong with it. Sanitize::Config::RELAXED allows <p> and <strong>.

To sanitize the string completely, skip the second argument.

<%= Sanitize.fragment('<p>1st <strong>sanitized </strong>comment</p>') %>

=> `1st sanitized comment`

If you're concerned that the string appears "as is" without escaping the tags, mark it as html_safe.

<%= Sanitize.fragment('<p>1st <strong>sanitized </strong>comment</p>', Sanitize::Config::RELAXED).html_safe %>

=> 1st sanitized comment

Upvotes: 1
