Rails - Jan 2007 - two questions about forms

Hi, I''ve two questions about forms:
- the first is about esthetically, does exist any GUI for forms? like
(every?) forums and wikis, something that allow the user to click for
example on B for insert some text in bold, or a button list, table,
etc...
- the second is about security, if we accept something (for example a
description) from users that will be showed it''s better to do an html
escape with h(), right? but in case i want to use something like
textilize or a GUI, if i do an html escape also the style inserted by
textilize will be escaped...so, how can i have a more secure form that
allow to have some style?

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Regarding the first question, many javascript WYSIWYG editors are
available.  I found this site on Google:
http://www.htmlarea.com/directory/Web_Software_Components/WYSIWYG_Editors/

Regarding your second question, do the html_escape before the
textilize: h(text_from_user).textilize

Dan Manges


--~--~---------~--~----~------------~-------~--~----~
 You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---