Msencenb
Reputation: 5104
Rails render raw html but escape javascript?
So I have some user generated content areas of my site. I want them to be able to use html for markup purposes, but I don't want them to be able to execute any arbitrary javascript.
From my understanding raw() will just output everything, html, javascript, and all right into the webpage.
Is there a method that will allow raw rendering of html but not allow rendering of javascript?
Upvotes: 1
Views: 2006
Answers (1)
Related Questions
- Render escaped html in Rails
- render html from javascript rails
- Don't escape html in ruby on rails
- Rails How to escape and display the contents of a rendered view
- Rendering safe html in Rails 3
- Escaping HTML in Rails
- rails 3 - escaping partial's generated html in javascript response
- How to escape javascript-generated html in Rails?
- Escaping HTML in Ruby & adding to DOM with JS
- How to automatically escape HTML in Ruby on Rails?