SanitizeHelper

The SanitizeHelper methods support a variety of approaches to escaping HTML and CSS. They complement the h method (short for html_escape, part of the ERb:Util class) by providing other approaches to escaping markup or letting it pass:

sanitize: The sanitize method provides a customizable approach to removing attributes and markup that you donât want to pass through. The customization can be specified through the :tags and :attributes parameters, or set by default through initializer code.
sanitize_css: The sanitize_css method removes features from CSS that the creators of sanitize felt were too dangerous. This is used by sanitize on style attributes.
strip_links: The strip_links method leaves markup other than links intact, but removes all links from the argument.
strip_tags: The strip_tags method removes all HTML markup from the argument. (The documentation warns that it may not always find all HTML markup, however.)

Get Learning Rails: Live Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Learning Rails: Live Edition by Simon St. Laurent, Edd Dumbill

SanitizeHelper

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly