Rails - Jul 2006 - forum supports some-html

Hi there,

I have a forum which allow user to post comment.
For security reason, when user submit a new post , I will use h() to escape
any html or javascript code.

Is there any function likes h(), which will escape most of the
html/javascript code,
but also keep some basic html elements like <a>, <strong>,
<br>.... so that
user can post comment with some-html ?
Thanks.

Gary
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060730/280404f0/attachment-0001.html

"Gary Lin" <garychlin@gmail.com> writes:
> Hi there,
>
> I have a forum which allow user to post comment.
> For security reason, when user submit a new post , I will use h() to escape
> any html or javascript code.
>
> Is there any function likes h(), which will escape most of the
> html/javascript code,
> but also keep some basic html elements like <a>, <strong>,
<br>.... so that
> user can post comment with some-html ?
sanitize


-- 
Surendra Singhi
http://ssinghi.kreeti.com, http://www.kreeti.com
Read my blog at: http://cuttingtheredtape.blogspot.com/
,----
| "All animals are equal, but some animals are more equal than
others."
|     -- Orwell, Animal Farm, 1945
`----