thr3ads.net - Rails - pass iframe through sanitize [Mar 2012]

If this information is useful, please help other people find it:
Share via:

Grigory Antonov

2012-Mar-24 06:56 UTC

pass iframe through sanitize

Hello,
I want to let users place in textfield an iframe tag from google maps.
Sanitize cuts everything. I want to  add some kind of rule to sanitize, so 
it cuts js, but pass through an iframe from google maps and yandex maps
Tried to place in  config config.action_view.sanitized_allowed_tags = 
%w(''iframe'') . It didn''t help.
sample 
<iframe width="650" height="300"
frameborder="0" scrolling="no"
marginheight="0" marginwidth="0" 
src="http://maps.google.ru/maps/ms?hl=ru&amp;gl=ru&amp;ptab=2&amp;ie=UTF8&amp;oe=UTF8&amp;msa=0&amp;msid=217915074489641580339.0004929006f65793c1d47&amp;t=h&amp;source=embed&amp;ll=55.823209,37.8167&amp;spn=0.023998,0.037119&amp;output=embed"></iframe>

-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To view this discussion on the web visit
https://groups.google.com/d/msg/rubyonrails-talk/-/64WCQGWi180J.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Shlomi Zadok

2012-Apr-02 20:48 UTC

head link

Re: pass iframe through sanitize

In config/initializers/sanitizer.rb

add:

HTML::WhiteListSanitizer.allowed_tags << ''iframe''

On Mar 24, 9:56 am, Grigory Antonov
<antono...-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
wrote:> Hello,
> I want to let users place in textfield an iframe tag from google maps.
> Sanitize cuts everything. I want to  add some kind of rule to sanitize, so
> it cuts js, but pass through an iframe from google maps and yandex maps
> Tried to place in  config config.action_view.sanitized_allowed_tags >
%w(''iframe'') . It didn''t help.
> sample
> <iframe width="650" height="300"
frameborder="0" scrolling="no"
> marginheight="0" marginwidth="0"
>
src="http://maps.google.ru/maps/ms?hl=ru&gl=ru&ptab=2&ie=UTF8&..."></iframe>
-- 
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

Rails - Mar 2012 - pass iframe through sanitize

pass iframe through sanitize

Re: pass iframe through sanitize