Is there a way I can take away JavaScript from a user input but let them use HTML? Or rather, is there a built-in function that just takes away <script> and leaves all the other tags intact, or would I have to make one myself?

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
Mike C wrote:
> Is there a way I can take away JavaScript from a user input but let
> them use HTML? Or rather, is there a built-in function that just takes
> away <script> and leaves all the other tags intact or would I have to
> make one myself?

You probably want sanitize:

http://api.rubyonrails.com/classes/ActionView/Helpers/SanitizeHelper.html#M000936

It will make JavaScript and forms innocuous leaving everything else intact. You can easily customize it to suit your requirements.

--
Posted via http://www.ruby-forum.com/.