SanitizeHelper

The SanitizeHelper methods support a variety of approaches to escaping HTML and CSS. They complement the h method (short for html_escape, part of the ERB::Util class) by providing other approaches to escaping markup or letting it pass:

sanitize
    The sanitize method provides a customizable approach to removing attributes and markup that you don't want to pass through. The customization can be specified through the :tags and :attributes parameters, or set by default through initializer code.

sanitize_css
    The sanitize_css method removes features from CSS that the creators of sanitize felt were too dangerous. This is used by sanitize on style attributes.

strip_links
    The strip_links method leaves markup other than links intact, but removes all links from the argument.

strip_tags
    The strip_tags method removes all HTML markup from the argument. (The documentation warns that it may not always find all HTML markup, however.)