Thread: RedCloth & filter_html
-
Jun 27, 2006, 11:57 #1
RedCloth & filter_html
Hello,
I'm trying to use RedCloth to allow users to format comments without creating security vulnerabilities. I have filter_html enabled and it filters out everything except when the user submits something like:
Code:
<a href="javascript:_______">Danger Link</a>
Ohai!
-
Jun 28, 2006, 11:41 #2
Use sanitize:
Code:
<%= sanitize(@comment.text) %>
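An added example, not part of the thread and not Rails' or RedCloth's own code: the kind of scheme allow-list check a sanitizer applies to href values, written as a stand-alone Ruby audit over already-rendered comment HTML. The names `safe_href?` and `unsafe_hrefs`, the allowed scheme list and the sample HTML are assumptions made for this example.

```ruby
require "cgi"

# Allow-list of link schemes for user comments (assumed policy for this example).
ALLOWED_SCHEMES = %w[http https mailto].freeze

# Decide whether an href value, as written in the HTML source, is safe to keep.
def safe_href?(raw)
  # Decode numeric character references, with or without the trailing ";",
  # because browsers decode both forms inside attribute values.
  value = raw.to_s.gsub(/&#(?:x([0-9a-f]+)|(\d+));?/i) do
    code = $1 ? $1.hex : $2.to_i
    code.between?(1, 0x7F) ? code.chr : "\uFFFD" # non-ASCII can never be a scheme char
  end
  value = CGI.unescapeHTML(value) # &amp; &quot; &lt; &gt;
  # URL parsers drop tabs and newlines and ignore leading control chars and spaces.
  value = value.gsub(/[\t\r\n]/, "").sub(/\A[\x00-\x20]+/, "")
  head = value[/\A[^\/?#]*/] # text before any path, query or fragment
  return true unless head.include?(":") || head.include?("&") # plain relative URL
  scheme = head[/\A([a-z][a-z0-9+.\-]*):/i, 1]
  # Fail closed: an undecoded entity or an unlisted scheme is rejected.
  !scheme.nil? && ALLOWED_SCHEMES.include?(scheme.downcase)
end

# List the href values in rendered comment HTML that fail the check.
def unsafe_hrefs(html)
  html.scan(/\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i)
      .map { |groups| groups.compact.first }
      .reject { |href| safe_href?(href) }
end

# Constructed sample: HTML as it might come out of the Textile renderer.
SAMPLE_HTML = <<~HTML
  <p><a href="http://example.com/?a=1&amp;b=2">ok</a>
  <a href="javascript:_______">Danger Link</a>
  <a href='JaVa&#115;cript:_______'>Danger Link</a>
  <a href="/comments/5#c2">relative</a></p>
HTML

puts unsafe_hrefs(SAMPLE_HTML) if __FILE__ == $PROGRAM_NAME
```

This check is meant for auditing stored or rendered comments; for output, keep using a parser-based sanitizer such as the `sanitize` helper shown in the answer.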