HTML sanitization
ActionView::Helpers::SanitizeHelper.sanitize
<%= sanitize @comment.body %>
<%= sanitize @comment.body, tags: %w(strong em a), attributes: %w(href) %>
References:
sanitize – Reference – Railsドキュメント
sanitize – ActionView::Helpers::SanitizeHelper | Ruby on Rails API [Official]
sanitize – rails/sanitize_helper.rb at 5-2-stable · rails/rails – GitHub
rails/rails-html-sanitizer – GitHub
ActionView::Helpers::SanitizeHelper.strip_links
strip_links('<a href="http://www.rubyonrails.org">Ruby on Rails</a>') # => Ruby on Rails
References:
strip_links – ActionView::Helpers::SanitizeHelper | Ruby on Rails API [Official]
ActionView::Helpers::SanitizeHelper.strip_tags
strip_tags("Strip <i>these</i> tags!") # => Strip these tags!
References:
strip_tags – ActionView::Helpers::SanitizeHelper | Ruby on Rails API [Official]
Sanitize (rgrove/sanitize)
References:
rgrove/sanitize: Whitelist-based Ruby HTML and CSS sanitizer. – GitHub
Documentation for rgrove/sanitize | RubyDoc.info
Customizing HTML sanitization in Rails with the sanitize gem – Qiita
Strip out script tags before saving to database in rails – Stack Overflow
Embedding variables in HTML attributes
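As an added example (not code from this page or from Rails), the following renders a link with plain ERB so that the escaping is explicit; in a Rails view `<%= %>` applies html_escape automatically to strings that are not html_safe, but the attribute-context rules are the same. It shows the check that escaping alone does not give you: a `javascript:` URL contains nothing that entity escaping changes, so a URL-valued attribute also needs a scheme allowlist. The names attr_escape, safe_url, render_link and SAFE_URL_SCHEMES are this example's own, and the inputs are constructed.

```ruby
# Added example (not code from the page or from Rails): escaping a variable
# inside an HTML attribute with plain ERB, plus a scheme allowlist for href.
require "cgi"
require "erb"
require "uri"

SAFE_URL_SCHEMES = %w[http https mailto].freeze

# Escape a value for a double-quoted attribute. CGI.escapeHTML turns
# & < > " ' into entities, so the value cannot close the quote and add an
# attribute (" onmouseover="...) or start a tag.
def attr_escape(value)
  CGI.escapeHTML(value.to_s)
end

# Entity escaping does not make a URL safe: "javascript:alert(1)" survives
# escaping unchanged and runs when the link is clicked. Returns the URL to
# emit, or nil when it must not be used in a URL-valued attribute.
def safe_url(value)
  url = value.to_s.strip
  uri = URI.parse(url)
  if uri.scheme.nil?
    # Path-relative links are fine; scheme-relative "//evil.example" is not.
    return url if uri.host.nil? && url.start_with?("/") && !url.start_with?("//")
    return nil
  end
  SAFE_URL_SCHEMES.include?(uri.scheme.downcase) ? url : nil
rescue URI::InvalidURIError
  # Control characters ("java\tscript:") and similar junk fail to parse;
  # treat anything unparseable as unsafe.
  nil
end

# Each attribute value is escaped at the point of use, inside its quotes;
# the href goes through the scheme check first and falls back to "#".
LINK_TEMPLATE = ERB.new(<<~'TEMPLATE')
  <a href="<%= attr_escape(safe_url(url) || "#") %>" title="<%= attr_escape(title) %>"><%= attr_escape(text) %></a>
TEMPLATE

def render_link(url:, title:, text:)
  LINK_TEMPLATE.result_with_hash(url: url, title: title, text: text).strip
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a normal link, then an attribute break-out attempt
  # combined with a javascript: URL.
  puts render_link(url: "https://example.com/?q=a&b=1", title: 'Say "hi" <b>', text: "Example <script>")
  puts render_link(url: "javascript:alert(document.cookie)", title: '" onmouseover="alert(1)', text: "x")
end
```

The same rule applies to `src`, `action`, `formaction` and `style`: html_escape protects the attribute boundary, not the meaning of the value, so values interpreted as URLs or CSS need their own validation before they are embedded. Unquoted attributes (`href=<%= ... %>`) are not covered by escaping at all; always quote.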
References: