Reputation: 2339
selectively accept HTML tags in user submitted string
What I would like to do is giving to my user the ability to format a submitted text with simple tags such as <b></b> <i></i> ...
Though I cannot really mark the submitted string as html_safe as I don't really want the user to use any html tag they want.
I was wondering if there was a simple solution. (I am pretty new to Ruby and cannot really set up a parsing method by myself)
Ideally it would be a very simple customisable CKeditor-ish gem or alternatively some Ruby code to parse the string, keep the accepted tags and remove every other tag. (then my string can be marked html_safe)
Upvotes: 0
Views: 30
Answers (1)
Reputation: 36860
You want the sanitize helper method which is built into rails.
<%= sanitize @user_input, tags: %w(b i) %>
It whitelists the allowed tags. Any tags not in the tags: array are not rendered.
Read about it here...
http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html
Upvotes: 3
Related Questions
- Check if String is HTML or not in ruby
- How to have Rails Views process HTML tags from database content?
- String Manipulation in Embedded Ruby
- Converting HTML input tags for rails FormHelper tags?
- How could I use a regex expression in Ruby to ignore HTML tags?
- Mix HTML and non-HTML strings in Rails ERB
- ruby on rails how to escape html tags
- Removing html tags from a form field after the user clicks submit (Rails)
- How to sanitize user generated html code in ruby on rails
- Rails - close html tags when you enter html in a form