Hi,

I am new to Rails and lately was introduced to FCK editor for formatting text. Do you have any idea about how we can sanitize strings? I am using FCK editor for my text areas, but because of that the data in the database is completely filled with HTML tags used for formatting the data, e.g. <p><b> text </b></p> etc.

But I need to show the formatted text at some instances whereas normal text at other instances. Do let me know if we can somehow sanitize the text and strip off the HTML tags from it.

Thanks a lot
JON

Hi,

Hpricot is a very flexible HTML parser, based on Tanaka Akira's HTree <http://www.a-k-r.org/htree/> and John Resig's JQuery <http://jquery.com/>, but with the scanner recoded in C (using Ragel <http://www.cs.queensu.ca/%7Ethurston/ragel/> for scanning.) I've borrowed what I believe to be the best ideas from these wares to make Hpricot heaps of fun to use.

Installing Hpricot <http://localhost:8808/doc_root/hpricot-0.6-mswin32/rdoc/classes/Hpricot.html>

You may get the latest stable version from Rubyforge. Win32 binaries and source gems are available.

    $ gem install hpricot

As Hpricot <http://localhost:8808/doc_root/hpricot-0.6-mswin32/rdoc/classes/Hpricot.html> is still under active development, you can also try the most recent candidate build here:

    $ gem install hpricot --source http://code.whytheluckystiff.net

The development gem is usually in pretty good shape actually. You can also get the bleeding edge code or plain Ruby tarballs on the wiki.

For more details, please see the link:

http://code.whytheluckystiff.net/hpricot/

--
Regards,
P.Raveendran
http://raveendran.wordpress.com
+919941414834

If I remember correctly, the acts_as_textiled plugin lets you show textiled text without the tags, or with - based on parameters passed.

In my experience editors like fck cause more problems than they solve - textile is a lot better behaved. However, it obviously depends on your needs.

Regards
Ivor

On Thu, May 15, 2008 at 11:23 AM, Raveendran P <jazzezravi-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> Hi,
>
> Hpricot is a very flexible HTML parser, based on Tanaka Akira's HTree <http://www.a-k-r.org/htree/> and John Resig's
> JQuery <http://jquery.com/>, but with the scanner recoded in C (using
> Ragel <http://www.cs.queensu.ca/%7Ethurston/ragel/> for scanning.) I've
> borrowed what I believe to be the best ideas from these wares to make
> Hpricot heaps of fun to use.
>
> Installing Hpricot <http://localhost:8808/doc_root/hpricot-0.6-mswin32/rdoc/classes/Hpricot.html>
>
> You may get the latest stable version from Rubyforge. Win32 binaries and
> source gems are available.
>
> $ gem install hpricot
>
> As Hpricot <http://localhost:8808/doc_root/hpricot-0.6-mswin32/rdoc/classes/Hpricot.html> is still under active development, you can also try the most recent
> candidate build here:
>
> $ gem install hpricot --source http://code.whytheluckystiff.net
>
> The development gem is usually in pretty good shape actually. You can also
> get the bleeding edge code or plain Ruby tarballs on the wiki.
>
> For more Details:
> Please see the link
>
> http://code.whytheluckystiff.net/hpricot/
>
> --
> Regards,
> P.Raveendran
> http://raveendran.wordpress.com
> +919941414834

ChrisMDP@googlemail.com
2008-May-15 09:53 UTC
Re: HELP !!! RAils HTML sanitizer to remove html tags
I'd try asking on Ruby on Rails: Talk for this sort of thing.

http://groups.google.com/group/rubyonrails-talk

On May 15, 10:16 am, "web.bloggers" <web.blogg...@gmail.com> wrote:
> HI,
> I am new to rails and lately was introduced to FCK editor for formatting
> text.
> Do you have any idea about how can we sanitize strings.
> I am using FCK editor for my text areas but because of that the data in
> the database is completely filled with HTML tags used for formatting the
> data/.
> eg: <p><b> text </b></p> etc...
>
> But I need to show the formatted text at some instances whereas normal
> text at other instances.
> Do let me know if we can somehow sanitize the text and strip off the
> html tags from it.
>
> Thanx a lot
> JON

Peter De Berdt
2008-May-15 10:01 UTC
Re: HELP !!! RAils HTML sanitizer to remove html tags
On 15 May 2008, at 11:16, web.bloggers wrote:
> I am new to rails and lately was introduced to FCK editor for
> formatting text.
> Do you have any idea about how can we sanitize strings.
> I am using FCK editor for my text areas but because of that the data
> in the database is completely filled with HTML tags used for formatting
> the data/.
> eg: <p><b> text </b></p> etc...
>
> But I need to show the formatted text at some instances whereas normal
> text at other instances.
> Do let me know if we can somehow sanitize the text and strip off the
> html tags from it.

It would be nice if you didn't crosspost on the Prototype/scriptaculous list, because that's not the appropriate place for it.

You can use strip_tags in your view to strip out all the tags. Quite logical, as was to be expected by the Rails framework and Ruby in general.

Best regards

Peter De Berdt

Please try using Aptana Studio 1.0.1

On May 15, 2:16 pm, "web.bloggers" <web.blogg...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org> wrote:
> HI,
> I am new to rails and lately was introduced to FCK editor for formatting
> text.
> Do you have any idea about how can we sanitize strings.
> I am using FCK editor for my text areas but because of that the data in
> the database is completely filled with HTML tags used for formatting the
> data/.
> eg: <p><b> text </b></p> etc...
>
> But I need to show the formatted text at some instances whereas normal
> text at other instances.
> Do let me know if we can somehow sanitize the text and strip off the
> html tags from it.
>
> Thanx a lot
> JON

Walter Lee Davis
2008-May-15 11:57 UTC
Re: HELP !!! RAils HTML sanitizer to remove html tags
Try applying stripTags to it:

    stripTags: function() {
      return this.replace(/<\/?[^>]+>/gi, '');
    },

This is part of prototype, no need to add the code anywhere.

Another thing you might look at is using one of the many fine flavors of "plain text" formats, like Textile or Markdown, and use an editing helper with that. You can load the editor with the raw text using the loadExternalText method. You would load your editor with the plain text (with bits of punctuation sprinkled in to indicate the style) but any HTML display of the same text would go through the appropriate formatter and become XHTML.

Keep the HTML out of your database if at all possible!

Walter

On May 15, 2008, at 5:16 AM, web.bloggers wrote:
> But I need to show the formatted text at some instances whereas normal
> text at other instances.
> Do let me know if we can somehow sanitize the text and strip off the
> html tags from it.

You should look at the white_list plugin if you're using an older version of Rails though; strip_tags wasn't really that secure till 2.0.

http://svn.techno-weenie.net/projects/plugins/white_list/
http://www.rorsecurity.info/2007/08/17/dont-use-strip_tags-strip_links-and-sanitize/

On May 15, 10:01 pm, Peter De Berdt <peter.de.be...-LPO8gxj9N8aZIoH1IeqzKA@public.gmane.org> wrote:
> On 15 May 2008, at 11:16, web.bloggers wrote:
>
> > I am new to rails and lately was introduced to FCK editor for
> > formatting text.
> > Do you have any idea about how can we sanitize strings.
> > I am using FCK editor for my text areas but because of that the data
> > in the database is completely filled with HTML tags used for formatting
> > the data/.
> > eg: <p><b> text </b></p> etc...
>
> > But I need to show the formatted text at some instances whereas normal
> > text at other instances.
> > Do let me know if we can somehow sanitize the text and strip off the
> > html tags from it.
>
> It would be nice if you didn't crosspost on the Prototype/scriptaculous
> list, because that's not the appropriate place for it.
>
> You can use strip_tags in your view to strip out all the tags. Quite
> logical, as was to be expected by the Rails framework and Ruby in
> general.
>
> Best regards
>
> Peter De Berdt
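
Added example, not written by anyone in the thread: a Ruby port of the tag-stripping regex quoted in the stripTags reply, run over constructed input to show why text stripped this way should still be HTML-escaped before it is rendered as "normal text". The helper names and sample strings are assumptions made for this illustration.

```ruby
require "erb"

# Ruby port of the regex in the stripTags snippet quoted in the thread.
TAG_RE = /<\/?[^>]+>/i

# Constructed sample inputs (assumptions for this example). The first mirrors
# the poster's editor output; the others are text a regex cannot treat as tags.
SAMPLES = {
  editor_output: "<p><b> text </b></p>",
  comparison:    "Price <b>5</b> < 10 & rising",
  unterminated:  "Hello <img src=x alt=y"        # tag with no closing '>'
}.freeze

# Regex-only stripping: removes complete <...> runs and nothing else.
def regex_strip(html)
  html.gsub(TAG_RE, "")
end

# True when stripped output still holds characters the browser treats as markup.
def leftover_markup?(text)
  text.match?(/[<>&]/)
end

# Plain-text view (hypothetical helper name): strip for readability, then
# HTML-escape so anything the regex left behind is displayed as text.
def plain_text_for_view(html)
  ERB::Util.html_escape(regex_strip(html))
end

# Returns one row per sample: [name, stripped, needs_escaping, safe_output].
def report(samples = SAMPLES)
  samples.map do |name, html|
    stripped = regex_strip(html)
    [name, stripped, leftover_markup?(stripped), plain_text_for_view(html)]
  end
end

report.each do |name, stripped, leftover, safe|
  puts format("%-14s stripped=%-26p leftover=%-5s safe=%p", name, stripped, leftover, safe)
end
```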