v1.2.6 - Class: ActionView::Helpers::TextHelper
sanitize(html) public

Sanitizes the HTML by converting <form> and <script> tags into regular text and removing all "onxxx" attributes, so that arbitrary JavaScript cannot be executed. It also removes href= and src= attributes whose value starts with "javascript:". You can modify what gets sanitized by defining VERBOTEN_TAGS and VERBOTEN_ATTRS before this module is loaded.

  sanitize('<script> do_nasty_stuff() </script>')
   => &lt;script> do_nasty_stuff() &lt;/script>
  sanitize('<a href="javascript: sucker();">Click here for $100</a>')
   => <a>Click here for $100</a>
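As an added example, not the Rails 1.2.6 source, the following small Ruby sanitizer applies exactly the rules listed above and reproduces both outputs shown; its tag and attribute regexes are constructed for this illustration and handle only simple, well-formed markup, and the default contents of VERBOTEN_TAGS and VERBOTEN_ATTRS are assumed from the description.

```ruby
# Added illustration of the documented rules, not the Rails 1.2.6 implementation.
# VERBOTEN_TAGS / VERBOTEN_ATTRS are the names the docs mention; their contents
# here are assumed from the description (form, script, and on* attributes).
VERBOTEN_TAGS  = %w(form script)
VERBOTEN_ATTRS = /\Aon/i

# Constructed, minimal tag and attribute patterns: enough for simple, well-formed
# markup, not a general HTML parser.
TAG_RE  = %r{<(/?)([A-Za-z][A-Za-z0-9]*)([^>]*)>}
ATTR_RE = /([A-Za-z_:][-\w:]*)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s>]+))?/

# Drop "onxxx" attributes and any href/src whose value starts with "javascript:"
# (compared case-insensitively, after stripping quotes and leading whitespace).
def sanitize_attrs(attr_str)
  kept = attr_str.scan(ATTR_RE).reject do |name, value|
    bare = value.to_s.delete(%q("')).strip
    name =~ VERBOTEN_ATTRS ||
      (%w(href src).include?(name.downcase) && bare =~ /\Ajavascript:/i)
  end
  kept.map { |name, value| value ? " #{name}=#{value}" : " #{name}" }.join
end

# Turn <form>/<script> tags (opening and closing) into visible text by escaping
# their "<"; rewrite every other opening tag with its attributes filtered.
def sanitize(html)
  return html unless html.include?("<")
  html.gsub(TAG_RE) do |tag|
    closing, name, attrs = $1, $2, $3
    if VERBOTEN_TAGS.include?(name.downcase)
      tag.gsub("<", "&lt;")
    elsif closing.empty?
      "<#{name}#{sanitize_attrs(attrs)}>"
    else
      "</#{name}>"
    end
  end
end

puts sanitize('<script> do_nasty_stuff() </script>')
puts sanitize('<a href="javascript: sucker();">Click here for $100</a>')
puts sanitize('<div onclick="steal()" class="box">text</div>')
```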