HTML sanitization

ActionView::Helpers::SanitizeHelper.sanitize

<%= sanitize @comment.body %>

<%= sanitize @comment.body, tags: %w(strong em a), attributes: %w(href) %>

References:

sanitize – Reference – Railsドキュメント

sanitize – ActionView::Helpers::SanitizeHelper | Ruby on Rails API [Official]

sanitize – rails/sanitize_helper.rb at 5-2-stable · rails/rails – GitHub

rails/rails-html-sanitizer – GitHub

WhiteListSanitizer – rails-html-sanitizer/sanitizer.rb at v1.0.4 · rails/rails-html-sanitizer – GitHub

ActionView::Helpers::SanitizeHelper.strip_links

strip_links('<a href="http://www.rubyonrails.org">Ruby on Rails</a>')
# => Ruby on Rails

References:

strip_links – ActionView::Helpers::SanitizeHelper | Ruby on Rails API [Official]

ActionView::Helpers::SanitizeHelper.strip_tags

strip_tags("Strip <i>these</i> tags!")
# => Strip these tags!

References:

strip_tags – ActionView::Helpers::SanitizeHelper | Ruby on Rails API [Official]

Sanitize (rgrove/sanitize)

References:

rgrove/sanitize: Whitelist-based Ruby HTML and CSS sanitizer. – GitHub

Documentation for rgrove/sanitize | RubyDoc.info

Customizing HTML sanitization in Rails with the sanitize gem – Qiita

Strip out script tags before saving to database in rails – Stack Overflow

Embedding variables in HTML attributes

References:

How to pass a hash from ERB to JavaScript in Rails – RE:ENGINES
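Embedding a hash in an attribute, as an added example that is not from the original page or the linked article: the value is JSON-encoded and then HTML-escaped for the attribute context, which is what Rails' `<%= %>` does automatically and what `raw` / `<%== %>` skip. Only the Ruby standard library is used; the helper names and the sample hash are assumptions.

```ruby
# Added example, not code from the original page: embedding a Ruby hash in
# an HTML attribute (for instance a data-* attribute read later by
# JavaScript). Standard library only; helper names are mine.
require "erb"
require "json"
require "cgi"

# Safe form: JSON-encode the value, then HTML-escape it for the attribute
# context. Rails' <%= %> applies the same html_escape automatically, so in
# a template this is `data-user="<%= user.to_json %>"`.
def data_attribute(name, value)
  %(data-#{name}="#{ERB::Util.html_escape(value.to_json)}")
end

# Unsafe form for comparison: raw interpolation, which is what `raw` or
# <%== %> would emit. A double quote inside the value closes the attribute
# early and whatever follows is parsed as new attributes or markup.
def data_attribute_raw(name, value)
  %(data-#{name}="#{value.to_json}")
end

# What a script reading the attribute sees after the HTML parser decodes
# the value: the original JSON, round-tripped back to the hash.
def parse_data_attribute(attr)
  escaped = attr[/="(.*)"\z/m, 1]
  JSON.parse(CGI.unescapeHTML(escaped))
end

# Constructed sample containing the characters that matter in an attribute.
USER = { "name" => 'Ann "Q" <b>', "id" => 7 }

if __FILE__ == $PROGRAM_NAME
  puts data_attribute("user", USER)
  # => data-user="{&quot;name&quot;:&quot;Ann \&quot;Q\&quot; &lt;b&gt;&quot;,&quot;id&quot;:7}"
  puts data_attribute_raw("user", USER)
  # => data-user="{"name":"Ann \"Q\" <b>","id":7}"   (attribute ends after the first {)
  p parse_data_attribute(data_attribute("user", USER))
  # => {"name"=>"Ann \"Q\" <b>", "id"=>7}
end
```

The escaped form has exactly two double quotes, the ones delimiting the attribute; the raw form has ten, and a browser would end the attribute value at the second one. Escaping for the attribute context rather than relying on JSON quoting is the whole point: JSON escapes `"` with a backslash, which means nothing to an HTML parser.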
