SanitizeHelper

The SanitizeHelper methods support a variety of approaches to escaping HTML and CSS. They complement the h method (short for html_escape, part of the ERB::Util class) by providing other approaches to escaping markup or letting it pass:

sanitize
The sanitize method provides a customizable approach to removing attributes and markup that you don't want to pass through. The customization can be specified through the :tags and :attributes parameters, or set by default through initializer code.

sanitize_css
The sanitize_css method removes features from CSS that the creators of sanitize felt were too dangerous. This is used by sanitize on style attributes.

strip_links
The strip_links method leaves markup other than links intact, but removes all links from the argument.

strip_tags
The strip_tags method removes all HTML markup from the argument. (The documentation warns that it may not always find all HTML markup, however.)
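To make the difference between the four approaches concrete, here is an added example that is not from the book or from Rails itself: it uses the standard-library ERB::Util.html_escape (the method behind h) and a deliberately small allowlist sanitizer written for this illustration. The helper names (escape_html, sanitize_html, strip_html_tags, strip_html_links), the allowlists ALLOWED_TAGS and ALLOWED_ATTRS, the allowed URL schemes and the sample fragments are all assumptions constructed for the example; Rails' real sanitize is built on an HTML parser (rails-html-sanitizer), not on regular expressions, which is why the book's warning about strip_tags missing markup also applies to a toy like this one.

```ruby
require 'erb' # ERB::Util.html_escape is the stdlib method that Rails' h helper wraps

# Illustrative allowlists (assumed for this example; Rails ships its own defaults)
ALLOWED_TAGS    = %w[p b i em strong a].freeze
ALLOWED_ATTRS   = %w[href title].freeze
ALLOWED_SCHEMES = %w[http https mailto].freeze

# Toy tokenizer for tags and their attributes (constructed for the example)
TAG_RE  = %r{</?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>}
ATTR_RE = /([a-zA-Z][\w-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/

# Approach 1: escape everything, so markup is displayed literally (what h does).
def escape_html(fragment)
  ERB::Util.html_escape(fragment)
end

# True when an href value is relative or uses an allowlisted scheme.
def safe_href?(value)
  scheme = value.strip[/\A([a-z][a-z0-9+.-]*):/i, 1]
  scheme.nil? || ALLOWED_SCHEMES.include?(scheme.downcase)
end

# Approach 2: let allowlisted tags and attributes pass, drop the rest.
# Disallowed tags are removed but their inner text is kept.
def sanitize_html(fragment, tags: ALLOWED_TAGS, attributes: ALLOWED_ATTRS)
  fragment.gsub(TAG_RE) do
    name, attrs = $1.downcase, $2          # read match data before any further regex work
    closing = $&.start_with?('</')
    next '' unless tags.include?(name)     # e.g. <script> and <SCRIPT> both go away
    next "</#{name}>" if closing

    kept = attrs.scan(ATTR_RE).filter_map do |attr, dq, sq, bare|
      attr  = attr.downcase
      value = dq || sq || bare
      next unless attributes.include?(attr)      # onclick, onmouseover, style: dropped
      next if attr == 'href' && !safe_href?(value) # javascript: and friends: dropped
      %(#{attr}="#{value.gsub('"', '&quot;')}")
    end
    kept.empty? ? "<#{name}>" : "<#{name} #{kept.join(' ')}>"
  end
end

# Approach 3: strip_tags equivalent, an empty allowlist leaves only text.
def strip_html_tags(fragment)
  sanitize_html(fragment, tags: [], attributes: [])
end

# Approach 4: strip_links equivalent, remove <a> tags only and keep other markup.
def strip_html_links(fragment)
  fragment.gsub(%r{</?a\b[^>]*>}i, '')
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input mixing harmless markup with an event handler,
  # a script element and a javascript: link.
  untrusted = '<p onclick="x()">Hi <script>alert(1)</script>' \
              '<a href="javascript:alert(1)" title="t">link</a></p>'
  puts escape_html(untrusted)
  puts sanitize_html(untrusted)
  puts strip_html_tags(untrusted)
  puts strip_html_links(untrusted)
end
```

The sample run shows the trade-off the book describes: h renders the whole fragment as literal text, sanitize keeps `<p>` and `<a title="t">` while dropping `onclick`, `<script>` and the `javascript:` href, strip_tags keeps only the text, and strip_links removes the anchor but leaves the paragraph and script markup untouched. For its own allowlisting Rails applies the same idea to CSS through sanitize_css on style attributes, which this toy simply drops as a disallowed attribute.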