search for: sanitizehelp

Displaying 5 results from an estimated 5 matches for "sanitizehelp".

2007 Nov 16
0
ActionView::Helpers::SanitizeHelper.sanitize docs
Hello, First sentence of sanitize() method doc says: "This sanitize helper will html encode all tags and strip all attributes that aren't specifically allowed." But sanitize("<h1>foo</h1> <bar>should html encode</bar>") == "<h1>foo</h1> should html encode". Shouldn't it html encode <bar> to
2009 Mar 05
0
Insert using Rake Task
...ml = decode_entities(new_html) # remove html encoded items new_html = new_html.strip # remove any whitespace from the edge of content end namespace :mysqldata_select do LOCATIONS = {1 => 6, 2 => 5, 3 => 5} task :sqldata_update => :environment do include ActionView::Helpers::SanitizeHelper MysqlData::TableName.all(:conditions => {:field_id => [1,2,3]}, :order => :field_primary).each{ |j| r = TableName.new # place r.field = j.field_primary r.location_id = LOCATIONS[j.field_id] # save the item to get an ID r.save # find any tran...
2011 Apr 14
2
what is the h for in <td><%=h s.name %></td>?
<% songs.each do |s| %> <td><%=h s.name %></td> <% end %> If i will remove the h..the output is still the same.. thank you for your replies
2008 Feb 01
4
How to sanitize _before_ going into the database?
I use a call to the sanitize method every time I render some user input, but it would be much nicer if I could clean it up once before putting it into the database and avoid having to call the (relatively expensive) sanitize every time I render a page. My first thought was to just add something like: def message=(x) self[:message]=sanitize(x) end However, the sanitize helper cannot be called
2007 Nov 29
27
Strip & Sanitize BEFORE saving data
So I've googled my brains out, and I see a lot of talk about TextHelper for views, but next to no discussion about cleaning text _before_ it is saved. I figured this had to be asked 4 zillion times, but I'm not finding anything concrete/obvious. Using h is fine as a safety catch, but that alone is not acceptable to me as the means of diffusing the impact of HTML or JS