Rails - May 2007 - Allow HTML and Deny JavaScript

How to allow the HTML and Deny the JavaScript?

If you use the h tag:

<% for column in Post.content_columns %>
<p>
  <b><%= column.human_name %>:</b> <br /> <%=h
@post.send(column.name)
%>
</p>
<% end %>

You are escaping of HTML and JS tags/commands.

How can I display only the HTML format?

Thank you!


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

You can ue something like
<%=
sometextvarwithhtml.gsub(/<\s*script.*?script\s*>/,'''')
%>

But you still have to look for onClick="", and all other events that
can
execute scripts in a page.

lucascarvalho-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
wrote:
> How to allow the HTML and Deny the JavaScript?
> 
> If you use the h tag:
> 
> <% for column in Post.content_columns %>
> <p>
>   <b><%= column.human_name %>:</b> <br /> <%=h
@post.send(column.name)
> %>
> </p>
> <% end %>
> 
> You are escaping of HTML and JS tags/commands.
> 
> How can I display only the HTML format?
> 
> Thank you!
-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Optionally you can also use some other Markup language like textile or
bbcode.


-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On 5/29/07, lucascarvalho-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
<lucascarvalho-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>
>
> How to allow the HTML and Deny the JavaScript?
>
> If you use the h tag:
>
> <% for column in Post.content_columns %>
> <p>
>   <b><%= column.human_name %>:</b> <br /> <%=h
@post.send(column.name)
> %>
> </p>
> <% end %>
>
> You are escaping of HTML and JS tags/commands.
>
> How can I display only the HTML format?
>
> Thank you!


Rick Olson''s White List
Helper<http://svn.techno-weenie.net/projects/plugins/white_list/>is
the way to go for this.  It strips out anything that is not
specifically
allowed.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Daniel,
 Sorry but I am starting with rails so I don''t know how to user this
helper
very well.
 I already copied the helper file to app/helpers and into my view where I
should to use <%=h @posts.content %> i used <%= white_list
@post.content %>
and got an error "NoMethodError in Posts#show".
 What is wrong?

Thank you!


On 5/29/07, Daniel N <has.sox-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>
>
>
> On 5/29/07, lucascarvalho-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
<lucascarvalho-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org > wrote:
> >
> >
> > How to allow the HTML and Deny the JavaScript?
> >
> > If you use the h tag:
> >
> > <% for column in Post.content_columns %>
> > <p>
> >   <b><%= column.human_name %>:</b> <br />
<%=h @post.send(column.name)
> > %>
> > </p>
> > <% end %>
> >
> > You are escaping of HTML and JS tags/commands.
> >
> > How can I display only the HTML format?
> >
> > Thank you!
>
>
>
> Rick Olson''s White List
Helper<http://svn.techno-weenie.net/projects/plugins/white_list/>is the
way to go for this.  It strips out anything that is not specifically
> allowed.
>
>
>
>
> >
>

-- 
Lucas Carvalho

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On Jun 5, 12:49 pm, "Lucas Carvalho"
<lucascarva...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Daniel,
>  Sorry but I am starting with rails so I don''t know how to user
this helper
> very well.
>  I already copied the helper file to app/helpers and into my view where I
> should to use <%=h @posts.content %> i used <%= white_list
@post.content %>
> and got an error "NoMethodError in Posts#show".
>  What is wrong?
Did you restart your app?  Do you see errors when you start your app
preventing the plugin from loading?  Are you on a recent version of
rails?


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Yes.
I just want to know how to install that.

On 6/5/07, Rick Olson
<technoweenie-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>
>
>
>
> On Jun 5, 12:49 pm, "Lucas Carvalho"
<lucascarva...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > Daniel,
> >  Sorry but I am starting with rails so I don''t know how to
user this
> helper
> > very well.
> >  I already copied the helper file to app/helpers and into my view
where
> I
> > should to use <%=h @posts.content %> i used <%= white_list
@post.content%>
> > and got an error "NoMethodError in Posts#show".
> >  What is wrong?
>
> Did you restart your app?  Do you see errors when you start your app
> preventing the plugin from loading?  Are you on a recent version of
> rails?
>
>
> >
>

-- 
Lucas Carvalho

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

I installed the plugin using
$ ruby script/plugin install "svn link"

And I just replace the tag h() for white_list, like i already said.

And I am getting this error:

 NoMethodError in Posts#show

Showing app/views/posts/show.rhtml where line #4 raised:

undefined method `white_list'' for
#<#<Class:0xb708c5fc>:0xb708c5d4>

Extracted source (around line #4):

1: <span class="titletext"><%=h @post.name %></span>
2: <br />
3: <br />
4: <%= white_list @post.content %>
5:
6: <p>
7:     <b> Created at: </b>


On 5 jun, 15:06, "Lucas Carvalho"
<lucascarva...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> Yes.
> I just want to know how to install that.
>
> On 6/5/07, Rick Olson
<technowee...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>
>
>
>
> > On Jun 5, 12:49 pm, "Lucas Carvalho"
<lucascarva...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> > > Daniel,
> > >  Sorry but I am starting with rails so I don''t know how
to user this
> > helper
> > > very well.
> > >  I already copied the helper file to app/helpers and into my view
where
> > I
> > > should to use <%=h @posts.content %> i used <%=
white_list @post.content%>
> > > and got an error "NoMethodError in Posts#show".
> > >  What is wrong?
>
> > Did you restart your app?  Do you see errors when you start your app
> > preventing the plugin from loading?  Are you on a recent version of
> > rails?
>
> --
> Lucas Carvalho

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

On 6/5/07, lucascarvalho-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
<lucascarvalho-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
>
> I installed the plugin using
> $ ruby script/plugin install "svn link"
>
> And I just replace the tag h() for white_list, like i already said.
That''s all you need.  So again:

Did you restart your app?  Do you see errors when you start your app
preventing the plugin from loading?  Are you on a recent version of
rails?

-- 
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Now it is working.
I restarted my app. >.<
Thank you Rick!

On 5 jun, 16:17, "Rick Olson"
<technowee...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:
> On 6/5/07, lucascarva...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
<lucascarva...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
>
>
>
> > I installed the plugin using
> > $ ruby script/plugin install "svn link"
>
> > And I just replace the tag h() for white_list, like i already said.
>
> That''s all you need.  So again:
>
> Did you restart your app?  Do you see errors when you start your app
> preventing the plugin from loading?  Are you on a recent version of
> rails?
>
> --
> Rick
Olsonhttp://lighthouseapp.comhttp://weblog.techno-weenie.nethttp://mephistoblog.com

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---