Ruby on Rails latest stable (v5.2.3) - 0 notes - Class: ActionView::Helpers::TextHelper

Method deprecated or moved

This method is deprecated or moved on the latest stable version. The last existing version (v1.2.6) is shown here.

These similar methods exist in v5.2.3:

sanitize(html) public

Sanitizes the html by converting <form> and <script> tags into regular text, and removing all "onxxx" attributes (so that arbitrary Javascript cannot be executed). It also removes href= and src= attributes that start with "javascript:". You can modify what gets sanitized by defining VERBOTEN_TAGS and VERBOTEN_ATTRS before this Module is loaded.

  sanitize('<script> do_nasty_stuff() </script>')
   => &lt;script> do_nasty_stuff() &lt;/script>
  sanitize('<a href="javascript: sucker();">Click here for $100</a>')
   => <a>Click here for $100</a>
Show source
Register or log in to add new notes.