search for: strip_tags

Displaying 20 results from an estimated 25 matches for "strip_tags".

2006 May 30
7
Stripping HTML tags from a string
Hello, Is there a common way of stripping html tags from a string? Right now I'm just calling gsub!(/<.*?>/, ''), but with a background in PHP and always having used its strip_tags() method, I wonder if the Rails community has standardized this fairly common task with something a bit less simpleminded than my quick fix. Thanks! Zack
2006 May 11
0
Using action view helpers (strip_tags) in a rake task?
Hi all - I've got a rake task that migrates some old data (simple, loop through the old stuff, modify it a bit, and save it to the new system). That all works great. However, I'd like to use strip_tags() to remove all HTML from some of the fields I'm converting, but I can't figure out how to include/use/require/load/etc the right stuff to make this work. For now, I just copied the strip_tags() definition out of the text_helper.rb file, but that is evil(tm)... Am I just miss...
2006 May 15
1
Simple: How to use TextHelper in a controller
I'm having trouble successfully getting access to the ActionView::Helpers::TextHelper.strip_tags method from one of my controllers. If I try to call it directly using ActionView::Helpers::TextHelper.strip_tags I get undefined method `strip_tags' for ActionView::Helpers::TextHelper:Module What is the preferred way to make ActionView helpers available to a descendant of ActionCon...
2012 Aug 10
0
Missing earlier versions work around for "XSS Vulnerability in strip_tags"
The rubyonrails-security announcement for CVE-2012-3465 "XSS Vulnerability in strip_tags" mentions that a work around for earlier versions should be attached, but there's none, only patches for 3.0 series and up. Is the work around available? If so, where can I get hold of it? Thanks in advance, Peter
2006 May 16
0
htmltools 1.09 doesn't play nice with ActionPack strip_tags!
All, I've discovered an incompatibility between HTMLTools 1.09 (a very handy HTML parser) and ActionPack 1.12.1. Basically, they both do some HTML parsing and they both create a module named HTML::Tag, which causes confusion when said Tag object attempts to be instantiated in the ActionPack context. That said, now I get to choose which one's namespace to fiddle with. But a
2016 Mar 24
2
C5 MySQL injection attack ("Union Select")
...54,45,81,45),CHAR(45,120,49,55,45,81,45),CHAR(45,120,49,56,45,81,45),CHAR(45,120,49,57,45,81,45),CHAR(45,120,50,48,45,81,45),CHAR(45,120,50,49,45,81,45),CHAR(45,120,50,50,45,81,45),CHAR(45,120,50,51,45,81,45) -- /* and reject any incoming string containing ' or " in addition to PHP's strip_tags and (deprecated in later versions) mysql_real_escape_string($_GET['....'],$link); I do not use Wordpress or anything like it. -- Regards, Paul. England, EU. England's place is in the European Union.
2010 Feb 02
0
[Security] Loofah has an HTML injection / XSS vulnerability, please upgrade to 0.4.6
...HTML::Document#text emits unencoded HTML entities prior to 0.4.6. This was originally by design, since the output of #text is intended to be used in a non-HTML context (such as generation of human-readable text documents). However, Loofah::XssFoliate's default behavior and Loofah::Helpers#strip_tags both use #text to strip tags out of the output, meaning that the following input: &lt;script&gt;alert('evil!');&lt;/script&gt; would be rendered as <script>alert('evil!');</script> Fail. Impact ---------- Applications relyin...
2006 Mar 03
2
strip html
say i wanted to allow only certain html characters from my user submissions, and strip everything else. does rails have a built-in for this?
2006 Mar 14
1
html-scanner in controller?
Rails' docs state for strip_tags: "Strips all HTML tags from the input, including comments. This uses the html-scanner tokenizer and so it's HTML parsing ability is limited by that of html-scanner. Returns the tag free text." What's "html-scanner" (some brief Googling didn't find anything...
2006 Jan 04
5
help with link_to_if, I can't make it work...
For the life of me I can't get it to work. Here is an example of my syntax. I'm trying to make comment.name a link to comment.web_site only if there is a comment.web_site. Can someone please help? <%= link_to_if(comment.web_site.length > 0, comment.name, comment.web_site {"class" => "comment_by"}) %>
2007 Nov 29
27
Strip & Sanitize BEFORE saving data
...not practical. I'm surprised there's no basic validation for this (that I can see), so I'm hoping that's because there's a common technique which combines some other tool with validations to do this? What I'm thinking of is something like strip_tags except that it is usable on the model side of things. -- gw (www.railsdev.ws)
2016 Mar 24
0
C5 MySQL injection attack ("Union Select")
On 03/24/2016 07:57 AM, Always Learning wrote: > I should have imposed strict controls on the length of > parameters passed to programmes via web pages $_GET[] such as... > and reject any incoming string containing ' or " in addition to PHP's > strip_tags and (deprecated in later versions) > mysql_real_escape_string($_GET['....'],$link); No. No. Nooooooooo. You're missing the point that everyone is trying to communicate to you. Do not use string concatenation. Do not use sprintf. Do not use mysql_real_escape_string(). Use pr...
2016 Mar 24
1
C5 MySQL injection attack ("Union Select")
...te: > On 03/24/2016 07:57 AM, Always Learning wrote: > > I should have imposed strict controls on the length of > > parameters passed to programmes via web pages $_GET[] such as... > > and reject any incoming string containing ' or " in addition to PHP's > > strip_tags and (deprecated in later versions) > > mysql_real_escape_string($_GET['....'],$link); > > No. No. Nooooooooo. > > You're missing the point that everyone is trying to communicate to you. > Do not use string concatenation. Do not use sprintf. Do not use >...
2006 May 03
1
Ruby based HTML - to - text converter?
All, I am interested in trying to generate a text version of an HTML document. Does any one know of any modules that may be of use to me? A cursory search has not yielded any results. Thanks, Wes
2007 Jan 04
2
remove html tags from string in controller, how?
Been searching for a function that can do this, but have only found a helper function. is there a way to strip all html tags of a string in a controller? Thanks
2007 Mar 29
1
improving on: truncate(..) + rendered text ?
Hello all, In a summary page I need to show the 1st 100 chars of textilized messages. Problem: truncate(..) would often cut in the middle of html tags => random result. My first idea was to "repair" the broken text with Hpricot (as I use it elsewhere in the project), but it's not perfect: <h1>abcd</h would give <h1>abcd</h</h1> (I also use
2009 Mar 05
0
Insert using Rake Task
...p me, I run my source code using rake task. It seems no error was trace, but when I look the table it doesn't insert. I select the data here MysqlDB.Tablename and update/insert here SQLserverDB.TableName. # Start Here # rake mysqldata_select:sqldata_update def clean_html(html) new_html = strip_tags(html) # remove html tags new_html = decode_entities(new_html) # remove html encoded items new_html = new_html.strip # remove any whitespace from the edge of content end namespace :mysqldata_select do LOCATIONS = {1 => 6, 2 => 5, 3 => 5} task :sqldata_update => :environment do...
2009 Apr 22
2
what escape or sanitize functions are out there?
i found the following functions or method to escape HTML, URL params, or Javascript data: <%= h @ha %> <%= sanitize @ha %> <%= u @ha %> <%= @ha.to_json %> <%= strip_tags @ha %> are they more functions or methods to do these things? and are there alternative ways to do that? thanks.
2006 Aug 10
3
Want to use a view helper (TextHelper) in a model class
I have a model that deals with HTML and I want to use the text_helper.sanitize method to strip the HTML of Javascript. However, it doesn't appear that I can get easy access to the text_helper methods from within a model. Anyone have any suggestions for how to do this? In general, I think that there are some ActionView helpers which are generic enough to want to use in a model class.
2006 Apr 22
2
Ferret C Indexer Error: Fields not stored in index?
...class='subheading'>Posted by " + result.field('created_by').string_value + " at " + result.field('created_on').string_value + "</span> " 19: if !result.field('body').nil? 20: description = strip_tags(result.field('body').string_value) #{RAILS_ROOT}/app/views/search/results.rhtml:17:in `_run_rhtml_search_results' #{RAILS_ROOT}/app/views/search/results.rhtml:16:in `each' #{RAILS_ROOT}/app/views/search/results.rhtml:16:in `_run_rhtml_search_result...