Displaying 20 results from an estimated 25 matches for "strip_tags".
2006 May 30
7
Stripping HTML tags from a string
Hello,
Is there a common way of stripping html tags from a string? Right now I'm
just calling gsub!(/<.*?>/, ''), but with a background in PHP and always
having used its strip_tags() method, I wonder if the Rails community has
standardized this fairly common task with something a bit less simpleminded
than my quick fix.
Thanks!
Zack
2006 May 11
0
Using action view helpers (strip_tags) in a rake task?
Hi all -
I've got a rake task that migrates some old data (simple, loop through the
old stuff, modify it a bit, and save it to the new system). That all
works great.
However, I'd like to use strip_tags() to remove all HTML from some of the
fields I'm converting, but I can't figure out how to
include/use/require/load/etc the right stuff to make this work.
For now, I just copied the strip_tags() definition out of the
text_helper.rb file, but that is evil(tm)...
Am I just miss...
2006 May 15
1
Simple: How to use TextHelper in a controller
I'm having trouble successfully getting access to the
ActionView::Helpers::TextHelper.strip_tags
method from one of my controllers.
If I try to call it directly using
ActionView::Helpers::TextHelper.strip_tags
I get
undefined method `strip_tags' for ActionView::Helpers::TextHelper:Module
What is the preferred way to make ActionView helpers available to a
descendant of ActionCon...
2012 Aug 10
0
Missing earlier versions work around for "XSS Vulnerability in strip_tags"
The rubyonrails-security announcement for CVE-2012-3465 "XSS
Vulnerability in strip_tags" mentions that a work around for earlier
versions should be attached, but there's none, only patches for 3.0
series and up.
Is the work around available? If so, where can I get hold of it?
Thanks in advance,
Peter
2006 May 16
0
htmltools 1.09 doesn't play nice with ActionPack strip_tags!
All,
I've discovered an incompatibility between HTMLTools 1.09 (a very handy
HTML parser) and ActionPack 1.12.1.
Basically, they both do some HTML parsing and they both create a module
named HTML::Tag, which causes confusion when said Tag object attempts to
be instantiated in the ActionPack context.
That said, now I get to choose which one's namespace to fiddle with.
But a
2016 Mar 24
2
C5 MySQL injection attack ("Union Select")
...54,45,81,45),CHAR(45,120,49,55,45,81,45),CHAR(45,120,49,56,45,81,45),CHAR(45,120,49,57,45,81,45),CHAR(45,120,50,48,45,81,45),CHAR(45,120,50,49,45,81,45),CHAR(45,120,50,50,45,81,45),CHAR(45,120,50,51,45,81,45) -- /*
and reject any incoming string containing ' or " in addition to PHP's
strip_tags and (deprecated in later versions)
mysql_real_escape_string($_GET['....'],$link);
I do not use Wordpress or anything like it.
--
Regards,
Paul.
England, EU. England's place is in the European Union.
2010 Feb 02
0
[Security] Loofah has an HTML injection / XSS vulnerability, please upgrade to 0.4.6
...HTML::Document#text emits unencoded HTML entities prior to
0.4.6. This was originally by design, since the output of #text is
intended to be used in a non-HTML context (such as generation of
human-readable text documents).
However, Loofah::XssFoliate's default behavior and
Loofah::Helpers#strip_tags
both use #text to strip tags out of the output, meaning that the following
input:
&lt;script&gt;alert('evil!');&lt;/script&gt;
would be rendered as
<script>alert('evil!');</script>
Fail.
Impact
----------
Applications relyin...
2006 Mar 03
2
strip html
say i wanted to allow only certain html characters from my user
submissions, and strip everything else. does rails have a built-in for
this?
2006 Mar 14
1
html-scanner in controller?
Rails' docs state for strip_tags:
"Strips all HTML tags from the input, including comments. This uses the
html-scanner tokenizer and so it's HTML parsing ability is limited by
that of html-scanner. Returns the tag free text."
What's "html-scanner" (some brief Googling didn't find anything...
2006 Jan 04
5
help with link_to_if, I can't make it work...
For the life of me I can't get it to work. Here is an example of my
syntax. I'm trying to make comment.name a link to comment.web_site only
if there is a comment.web_site. Can someone please help?
<%= link_to_if(comment.web_site.length > 0, comment.name,
comment.web_site {"class" => "comment_by"}) %>
2007 Nov 29
27
Strip & Sanitize BEFORE saving data
...not practical.
I'm surprised there's no basic validation for this (that I can see),
so I'm hoping that's because there's a common technique which
combines some other tool with validations to do this?
What I'm thinking of is something like strip_tags except that it is
usable on the model side of things.
-- gw (www.railsdev.ws)
2016 Mar 24
0
C5 MySQL injection attack ("Union Select")
On 03/24/2016 07:57 AM, Always Learning wrote:
> I should have imposed strict controls on the length of
> parameters passed to programmes via web pages $_GET[] such as...
> and reject any incoming string containing ' or " in addition to PHP's
> strip_tags and (deprecated in later versions)
> mysql_real_escape_string($_GET['....'],$link);
No. No. Nooooooooo.
You're missing the point that everyone is trying to communicate to you.
Do not use string concatenation. Do not use sprintf. Do not use
mysql_real_escape_string().
Use pr...
2016 Mar 24
1
C5 MySQL injection attack ("Union Select")
...te:
> On 03/24/2016 07:57 AM, Always Learning wrote:
> > I should have imposed strict controls on the length of
> > parameters passed to programmes via web pages $_GET[] such as...
> > and reject any incoming string containing ' or " in addition to PHP's
> > strip_tags and (deprecated in later versions)
> > mysql_real_escape_string($_GET['....'],$link);
>
> No. No. Nooooooooo.
>
> You're missing the point that everyone is trying to communicate to you.
> Do not use string concatenation. Do not use sprintf. Do not use
>...
2006 May 03
1
Ruby based HTML - to - text converter?
All,
I am interested in trying to generate a text version of an HTML
document.
Does any one know of any modules that may be of use to me?
A cursory search has not yielded any results.
Thanks,
Wes
2007 Jan 04
2
remove html tags from string in controller, how?
Been searching for a function that can do this, but have only found a
helper function.
is there a way to strip all html tags of a string in a controller?
Thanks
2007 Mar 29
1
improving on: truncate(..) + rendered text ?
Hello all,
In a summary page I need to show the 1st 100 chars of textilized messages.
Problem: truncate(..) would often cut in the middle of html tags =>
random result.
My first idea was to "repair" the broken text with Hpricot (as I use
it elsewhere in the project), but it's not perfect:
<h1>abcd</h
would give
<h1>abcd</h</h1>
(I also use
2009 Mar 05
0
Insert using Rake Task
...p me, I run my source code using rake task. It seems no
error was trace, but when I look the table it doesn't insert. I select
the data here MysqlDB.Tablename and update/insert here
SQLserverDB.TableName.
# Start Here
# rake mysqldata_select:sqldata_update
def clean_html(html)
new_html = strip_tags(html) # remove html tags
new_html = decode_entities(new_html) # remove html encoded items
new_html = new_html.strip # remove any whitespace from the edge of content
end
namespace :mysqldata_select do
LOCATIONS = {1 => 6, 2 => 5, 3 => 5}
task :sqldata_update => :environment do...
2009 Apr 22
2
what escape or sanitize functions are out there?
i found the following functions or method to escape HTML, URL params, or
Javascript data:
<%= h @ha %>
<%= sanitize @ha %>
<%= u @ha %>
<%= @ha.to_json %>
<%= strip_tags @ha %>
are there more functions or methods to do these things?
and are there alternative ways to do that? thanks.
2006 Aug 10
3
Want to use a view helper (TextHelper) in a model class
I have a model that deals with HTML and I want to use the
text_helper.sanitize method to strip the HTML of Javascript.
However, it doesn't appear that I can get easy access to the text_helper
methods from within a model.
Anyone have any suggestions for how to do this?
In general, I think that there are some ActionView helpers which are
generic enough to want to use in a model class.
2006 Apr 22
2
Ferret C Indexer Error: Fields not stored in index?
...class='subheading'>Posted by " +
result.field('created_by').string_value + " at " +
result.field('created_on').string_value + "</span> "
19: if !result.field('body').nil?
20: description = strip_tags(result.field('body').string_value)
#{RAILS_ROOT}/app/views/search/results.rhtml:17:in
`_run_rhtml_search_results'
#{RAILS_ROOT}/app/views/search/results.rhtml:16:in `each'
#{RAILS_ROOT}/app/views/search/results.rhtml:16:in
`_run_rhtml_search_result...