Rails sanitize
The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements. These helper methods extend Action View making them callable within your template files.
Only the tags and attributes specified in the sanitize call are allowed through to the page, which prevents injection of anything else.
sanitize(html, options = {})
Sanitizes HTML input, stripping all tags and attributes that aren't whitelisted.
It also strips href/src attributes with unsafe protocols like javascript:, while also protecting against attempts to use Unicode, ASCII, and hex character references to work around these protocol filters.
The default sanitizer is Rails::Html::WhiteListSanitizer. See Rails HTML Sanitizers for more information.
Custom sanitization rules can also be provided.
Please note that sanitizing user-provided text does not guarantee that the resulting markup is valid or even well-formed. For example, the output may still contain unescaped characters like <, >, or &.
Options:
:tags - An array of allowed tags.
:attributes - An array of allowed attributes.
:scrubber - A Rails::Html scrubber or Loofah::Scrubber object that defines custom sanitization rules. A custom scrubber takes precedence over custom tags and attributes.
module AnnouncementsHelper
  # Only <b> and <br> survive; every other tag, and every attribute, is stripped
  def safe_content(content)
    sanitize(content, tags: %w(b br))
  end
end
<p><strong><%= t 'content' %></strong><%= safe_content @announcement.content %> </p>
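To make the behaviour described above concrete, here is an added example of a simplified allowlist sanitizer in plain Ruby; it is not the rails-html-sanitizer gem's code, and the allowlists and sample inputs are constructed for the demo. Tags outside the allowlist are dropped (their text stays), attributes outside it are dropped, and href/src values are checked for an unsafe scheme only after character references and control characters have been decoded away, which is why &#106;avascript: does not slip past.

```ruby
require 'cgi'

# Added example: a simplified model of an allowlist sanitizer, not the
# rails-html-sanitizer gem's code. Allowlists below are constructed for the demo.
ALLOWED_TAGS   = %w[b br a].freeze
ALLOWED_ATTRS  = %w[href title].freeze
SAFE_PROTOCOLS = %w[http https mailto].freeze

TAG_RE  = %r{<(/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*?)(/?)>}   # simplified: no '>' inside quoted values
ATTR_RE = /([a-zA-Z:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/

# True when a URL value names a protocol outside SAFE_PROTOCOLS. Character
# references (&#106;avascript:, &#x6A;avascript:) are decoded and control
# characters removed first, so they cannot hide the scheme from the comparison.
def unsafe_protocol?(value)
  decoded = CGI.unescapeHTML(value.to_s).gsub(/[\u0000-\u0020]/, '').downcase
  scheme  = decoded[/\A([a-z][a-z0-9+.\-]*):/, 1]
  return false if scheme.nil?            # relative URL: no scheme to abuse
  !SAFE_PROTOCOLS.include?(scheme)
end

# Drop every tag not in `tags` (its text content stays), and on allowed tags
# keep only attributes in `attributes`; href/src must also pass the protocol check.
def sanitize(html, tags: ALLOWED_TAGS, attributes: ALLOWED_ATTRS)
  html.gsub(TAG_RE) do
    closing, name, attrs, self_close = $1, $2.downcase, $3, $4
    next '' unless tags.include?(name)
    next "</#{name}>" unless closing.empty?
    kept = attrs.scan(ATTR_RE).map do |aname, dq, sq, bare|
      aname = aname.downcase
      value = dq || sq || bare
      next unless attributes.include?(aname)
      next if %w[href src].include?(aname) && unsafe_protocol?(value)
      %( #{aname}="#{value.gsub('"', '&quot;')}")
    end.compact
    "<#{name}#{kept.join}#{self_close.empty? ? '' : ' /'}>"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: an obfuscated javascript: href, an event handler and a <script> tag
  puts sanitize('<a href="&#106;avascript:alert(1)" onclick="x()">link</a><script>alert(1)</script>')
end
```

The real helper parses the document with Loofah rather than regexes, so it also copes with malformed markup that this model does not; the allowlist-and-scheme-check logic is the part worth understanding.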
http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html