  1. #1
    Majglow (SitePoint Guru)

    RedCloth & filter_html

    Hello,

    I'm trying to use RedCloth to allow users to format comments without creating security vulnerabilities. I have filter_html enabled and it filters out everything except when the user submits something like:

    Code:
    <a href="javascript:_______">Danger Link</a>

    Is there any way to filter that out?
    Ohai!

  2. #2
    SitePoint Guru
    Use sanitize:

    Code:
    <%= sanitize(@comment.text) %>
    http://railsmanual.com/module/Action...elper/sanitize
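
Added example, not part of either post and not RedCloth's or Rails' own code: the thread's problem is a link whose `href` carries a `javascript:` scheme, so this plain-Ruby sketch shows the scheme allowlist check a comment filter needs to apply to link targets. `ALLOWED_SCHEMES`, `normalize_href` and `safe_href?` are names assumed for this example, and the sample inputs are constructed.

```ruby
# Scheme allowlist for link targets in user comments (added example).
# ALLOWED_SCHEMES is an assumed policy; adjust it to what comments may link to.
ALLOWED_SCHEMES = %w[http https mailto].freeze

# Mirror what browsers do before they look for a scheme: drop leading
# control characters and spaces, and any tab or newline inside the URL.
def normalize_href(href)
  href.to_s.scrub.sub(/\A[\x00-\x20]+/, "").gsub(/[\t\r\n]/, "")
end

# True when href is relative or uses an allowed scheme. Fails closed.
def safe_href?(href)
  # Only the part before the first "/", "?" or "#" can hold a scheme.
  head = normalize_href(href)[/\A[^\/?#]*/]
  # An "&" here means an undecoded entity (for example "&#106;"):
  # refuse it rather than guess how a browser would decode it.
  return false if head.include?("&")
  return true unless head.include?(":") # no scheme, so a relative URL
  ALLOWED_SCHEMES.include?(head.split(":", 2).first.downcase)
end

# Constructed sample inputs (not taken from the thread).
SAMPLES = [
  "http://example.com/post/1",
  "/comments/1?page=2&sort=new",
  "#reply:3",
  "mailto:user@example.com",
  "javascript:x",
  "JaVaScRiPt:x",
  " \njava\tscript:x",
  "&#106;avascript:x",
  "data:text/html,x"
].freeze

if __FILE__ == $0
  SAMPLES.each do |href|
    verdict = safe_href?(href) ? "keep" : "drop"
    puts format("%-4s %s", verdict, href.inspect)
  end
end
```

The check compares against what is allowed instead of searching for the string `javascript:`, so mixed case, embedded whitespace and other schemes such as `data:` are rejected by the same rule.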

