SitePoint Sponsor

User Tag List

Results 1 to 2 of 2

Thread: RedCloth & filter_html

  1. Jun 27, 2006 11:57 #1
    Majglow
    Majglow is offline
    SitePoint Guru Majglow's Avatar
    Join Date
    Aug 1999
    Location
    B-Town
    Posts
    645
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    RedCloth & filter_html

    Hello,

    I'm trying to use RedCloth to allow users to format comments without creating security vulnerabilities. I have filter_html enabled and it filters out everything except when the user submits something like:

    Code:
    <a href="javascript:_______">Danger Link</a>
    Is there any way to filter that out?
    Ohai!
  2. Jun 28, 2006 11:41 #2
    Fenrir2
    Fenrir2 is offline
    SitePoint Guru
    Join Date
    Aug 2005
    Posts
    986
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Use sanitize:

    Code:
    <%= sanitize(@comment.text) %>
    http://railsmanual.com/module/Action...elper/sanitize
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules