White List
This White Listing helper will html encode all tags and strip all attributes that aren’t specifically allowed. It also strips href/src tags with invalid protocols, like javascript: especially. It does its best to counter any tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out the extensive test suite.
<%= white_list @article.body %>You can add or remove tags/attributes if you want to customize it a bit.
add table tags
WhiteListHelper.tags += %w(table td th)remove tags
WhiteListHelper.tags -= %w(div span)clear any attributes that are allowed for tags
WhiteListHelper.attributes['a'] = []allow a new attribute for the tag
WhiteListHelper.attributes['img'] += %w(style)add new tag with attributes
WhiteListHelper.attributes['table'] = %w(cellpadding cellspacing)change allowed attributes for all tags
WhiteListHelper.attributes[nil] = %w(id class style)NOTE: This description has been extracted from the Plugin README and so the formatting may need updating to make browser friendly
Edit
ReportUsers
- > Jay Zeschin
- > Marcel Scherf
- > Kevin Elliott
- > Tom Green
- > Kishyr Ramdial
- > David Stevenson
- > Leandro Marcucci
- > Matthew Vincent
- > Jamal Hansen
- > Edwin V.
