method
sanitize
Ruby on Rails latest stable (v3.2.13)
Class: ActionView::Helpers::TextHelper
sanitize(html)
public
Sanitizes the html by converting <form> and <script> tags into regular text (their angle brackets are escaped) and removing all "onxxx" event-handler attributes, so that arbitrary JavaScript cannot be executed. It also removes href= and src= attributes whose value starts with "javascript:". You can modify what gets sanitized by defining VERBOTEN_TAGS and VERBOTEN_ATTRS before this Module is loaded. Note that this is a denylist: only the tags and attributes named in those two constants are touched, and every other tag and attribute is passed through unchanged.

sanitize('<script> do_nasty_stuff() </script>')
 => &lt;script> do_nasty_stuff() &lt;/script>
sanitize('<a href="javascript: sucker();">Click here for $100</a>')
 => <a>Click here for $100</a>
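The following is an added example, not the Rails implementation (which used the HTML::Tokenizer bundled with Rails 1.x). It re-implements the documented behaviour in plain Ruby with a regex-based tag scanner so it runs stand-alone: forbidden tags are turned into escaped text, on* attributes are dropped, and href/src values starting with javascript: are removed. The helper names sanitize_token, TAG_RE and ATTR_RE and the sample inputs are constructed for this example. It also shows the denylist limitation mentioned above: a tag not in VERBOTEN_TAGS, such as <iframe>, is returned unchanged.

```ruby
# Added example: minimal re-implementation of the behaviour documented for
# ActionView::Helpers::TextHelper#sanitize (Rails 1.x). This is NOT the Rails
# code; the bundled HTML::Tokenizer is replaced by a regex tag scanner.
VERBOTEN_TAGS  = %w(form script) unless defined?(VERBOTEN_TAGS)  # rendered as text
VERBOTEN_ATTRS = /\Aon/i unless defined?(VERBOTEN_ATTRS)         # onclick, onload, ...

# One complete tag: optional "/", tag name, attribute string, optional "/".
TAG_RE  = %r{\A<(/?)([a-zA-Z][\w:-]*)(.*?)(/?)>\z}m
# One attribute: name, then optional =value (double-quoted, single-quoted or bare).
ATTR_RE = /([^\s=\/]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s>]+))?/

def sanitize(html)
  return html unless html.include?("<")   # only do this if absolutely necessary
  # Split into tags and text runs, then process each token independently.
  html.scan(/<[^>]*>|[^<]+|</).map { |token| sanitize_token(token) }.join
end

def sanitize_token(token)
  m = TAG_RE.match(token)
  # Bare text, comments or a stray "<" that never closes: escape the bracket.
  return token.gsub("<", "&lt;") unless m
  closing, name, attrs, self_close = m.captures
  # Forbidden tag (opening or closing): emit it as visible text.
  return token.gsub("<", "&lt;") if VERBOTEN_TAGS.include?(name.downcase)
  return token if closing == "/"          # closing tags carry no attributes
  kept = attrs.scan(ATTR_RE).reject do |aname, value|
    next true if aname =~ VERBOTEN_ATTRS  # drop event handlers
    unquoted = value.to_s.sub(/\A(["'])(.*)\1\z/m, '\2')
    %w(href src).include?(aname.downcase) && unquoted =~ /\Ajavascript:/i
  end
  attr_str = kept.map { |aname, value| value ? "#{aname}=#{value}" : aname }.join(" ")
  "<#{name}#{attr_str.empty? ? '' : ' ' + attr_str}#{self_close}>"
end

if __FILE__ == $0
  # Constructed sample inputs.
  puts sanitize('<script> do_nasty_stuff() </script>')
  puts sanitize('<a href="javascript: sucker();">Click here for $100</a>')
  puts sanitize('<img src="x.png" onerror="alert(1)">')
  puts sanitize('<iframe src="https://example.org"></iframe>')   # not in the denylist: unchanged
end
```

The last call is the practical caveat: because the filter only knows about the tags and attributes listed in VERBOTEN_TAGS and VERBOTEN_ATTRS, everything else is passed through verbatim, which is why allowlist-based sanitizers are preferred for untrusted HTML.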


