The SanitizeHelper module provides a set of methods for scrubbing text of
undesired HTML elements. These helper methods extend ActionView, making them
callable within your template files.
| Public Methods | Description |
| --- | --- |
| included | |
| sanitize | This #sanitize helper will HTML-encode all tags and strip all attributes that aren't specifically allowed. It also strips href/src attributes with invalid protocols, javascript: in particular. It does its best to counter any tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out the extensive test suite. |
| sanitize_css | Sanitizes a block of CSS code. Used by #sanitize when it comes across a style attribute. |
| strip_links | Strips all link tags from text, leaving just the link text. |
| strip_tags | Strips all HTML tags from the html, including comments. This uses the html-scanner tokenizer, so its HTML parsing ability is limited by that of html-scanner. |
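
The protocol filtering described for #sanitize can be shown stand-alone: a literal "javascript:" match misses encoded values, while decoding character references first and checking the scheme against an allowlist does not. This is an added example, not the code of Rails or html-scanner; the names ALLOWED_SCHEMES, NAMED_REFS, CHAR_REF, decode_refs, uri_scheme, allowed_uri? and naive_allowed? are hypothetical, and the allowlist and sample values are assumptions.

```ruby
# Added example: scheme allowlist for href/src values. Not Rails' implementation.
ALLOWED_SCHEMES = %w[http https mailto].freeze # assumed allowlist
# Only the named references that can affect scheme parsing (assumed subset).
NAMED_REFS = { "colon" => ":", "Tab" => "\t", "NewLine" => "\n", "amp" => "&" }.freeze
CHAR_REF = /&(?:#[xX]([0-9a-fA-F]+);?|#([0-9]+);?|(colon|Tab|NewLine|amp);)/

# Decode character references in one pass, the way a browser does before it
# interprets the attribute value (numeric references may omit the semicolon).
def decode_refs(value)
  value.gsub(CHAR_REF) do
    next NAMED_REFS[$3] if $3
    code = $1 ? $1.hex : $2.to_i
    valid = code.between?(1, 0xD7FF) || code.between?(0xE000, 0x10FFFF)
    [valid ? code : 0xFFFD].pack("U")
  end
end

# Return the lowercased URI scheme, or nil for a relative reference.
def uri_scheme(value)
  cleaned = decode_refs(value)
  cleaned = cleaned.sub(/\A[\x00-\x20]+/, "") # leading controls/spaces are ignored
  cleaned = cleaned.delete("\t\r\n")          # tab, CR, LF are dropped inside a URL
  match = cleaned.match(/\A([a-z][a-z0-9+.\-]*):/i)
  match && match[1].downcase
end

# Allowlist check: relative references and allowed schemes pass, all else fails.
def allowed_uri?(value)
  scheme = uri_scheme(value)
  scheme.nil? || ALLOWED_SCHEMES.include?(scheme)
end

# The kind of literal match that encoded input gets past.
def naive_allowed?(value)
  !value.downcase.start_with?("javascript:")
end

# Constructed sample values (not taken from the Rails test suite).
SAMPLES = [
  "https://example.com/a?b=1&amp;c=2", "/relative/path", "javascript:void(0)",
  "&#106;avascript:void(0)", "&#x6A;avascript:void(0)", "&#0000106avascript:void(0)",
  "jav&#x09;ascript:void(0)", "javascript&colon;void(0)", " JaVaScRiPt:void(0)"
].freeze
SAMPLES.each do |v|
  puts format("%-40s naive=%-5s allowlist=%s", v.inspect, naive_allowed?(v), allowed_uri?(v))
end
```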