method: sanitize (v1.2.6)
Class: ActionView::Helpers::TextHelper
sanitize(html)
public
Sanitizes the HTML by converting <form> and <script> tags into regular (escaped) text and removing all "onxxx" event-handler attributes, so that arbitrary JavaScript cannot be executed. It also removes href= and src= attributes whose value starts with "javascript:". You can modify what gets sanitized by defining VERBOTEN_TAGS and VERBOTEN_ATTRS before this module is loaded.
  sanitize('<script> do_nasty_stuff() </script>')
   => &lt;script> do_nasty_stuff() &lt;/script>
  sanitize('<a href="javascript: sucker();">Click here for $100</a>')
   => <a>Click here for $100</a>
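The following is an added illustration of the three rules described above (verboten tags escaped, "on*" attributes dropped, javascript: URLs in href/src dropped); it is not the Rails 1.2.6 implementation, and its regex-based tag matching, case handling and constant names beyond VERBOTEN_TAGS/VERBOTEN_ATTRS are assumptions made for this example.

```ruby
# Illustrative re-implementation of the documented sanitize rules (not Rails' own code).
VERBOTEN_TAGS  = %w[form script]   # tags neutralised by escaping their "<"
VERBOTEN_ATTRS = /\Aon/i           # event-handler attributes: onclick, onload, ...
URL_ATTRS      = %w[href src]      # attributes checked for a leading "javascript:"

# One attribute: name, optionally "= value" (double-quoted, single-quoted or bare).
ATTR_RE = /([^\s=\/>]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s>]+))?/
# One tag: optional "/", tag name, attribute text, optional self-closing "/".
TAG_RE  = %r{<(/?)([a-zA-Z][\w:-]*)([^>]*?)(/?)>}

def sanitize_tag(closing, name, attr_text, self_close)
  # Rule 1: verboten tags become literal text by escaping the opening "<".
  if VERBOTEN_TAGS.include?(name.downcase)
    return "&lt;#{closing}#{name}#{attr_text}#{self_close}>"
  end

  kept = []
  attr_text.scan(ATTR_RE) do |attr, value|
    # Rule 2: drop every "onxxx" attribute regardless of its value.
    next if attr =~ VERBOTEN_ATTRS
    # Rule 3: drop href/src whose value starts with "javascript:" (as documented:
    # a prefix check on the unquoted value, case-insensitive here by assumption).
    if URL_ATTRS.include?(attr.downcase) && value
      bare = value.delete('"\'')
      next if bare =~ /\Ajavascript:/i
    end
    kept << (value ? "#{attr}=#{value}" : attr)
  end
  attrs = kept.empty? ? "" : " " + kept.join(" ")
  "<#{closing}#{name}#{attrs}#{self_close}>"
end

# Rewrites every tag in the input; text outside tags is passed through unchanged.
def sanitize(html)
  html.gsub(TAG_RE) { sanitize_tag($1, $2, $3, $4) }
end

if __FILE__ == $0
  puts sanitize('<script> do_nasty_stuff() </script>')
  puts sanitize('<a href="javascript: sucker();">Click here for $100</a>')
  puts sanitize('<div onclick="x()" class="c">hi</div>')
end
```

This denylist style (everything allowed unless listed) is what the 1.2.6 helper documents; later Rails versions replaced it with the allowlist-based SanitizeHelper, which is the one to use in current code.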