Rails sanitize
The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements. These helper methods extend Action View making them callable within your template files.
Only the tags and attributes specified in the sanitize call are allowed through to the page, which prevents injection.
sanitize(html, options = {})
Sanitizes HTML input, stripping all tags and attributes that aren't whitelisted.
It also strips href/src attributes with unsafe protocols like javascript:, while also protecting against attempts to use Unicode, ASCII, and hex character references to work around these protocol filters.
The default sanitizer is Rails::Html::WhiteListSanitizer. See Rails HTML Sanitizers for more information.
Custom sanitization rules can also be provided.
Please note that sanitizing user-provided text does not guarantee that the resulting markup is valid or even well-formed. For example, the output may still contain unescaped characters like <, >, or &.
Options:
- :tags - An array of allowed tags.
- :attributes - An array of allowed attributes.
- :scrubber - A Rails::Html scrubber or Loofah::Scrubber object that defines custom sanitization rules. A custom scrubber takes precedence over custom tags and attributes.
module AnnouncementsHelper
  # Only <b> and <br> survive; every other tag and all attributes are stripped.
  def safe_content(content)
    sanitize(content, tags: %w(b br))
  end
end
<p><strong><%= t 'content' %></strong><%= safe_content @announcement.content %> </p>
http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html
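The two checks the text describes for href/src, an attribute allow-list and a scheme check that decodes character references before looking at the scheme, as an added illustration in plain Ruby; this is not Rails' own sanitizer code, and SAFE_SCHEMES, URL_ATTRIBUTES and the helper names are assumptions of the example. In an application, call sanitize itself rather than hand-rolling this.

```ruby
# Illustration of the href/src protocol check described above. Names,
# the scheme allow-list and the attribute list are assumptions of this
# example; in an app, call Rails' sanitize and do not hand-roll this.
SAFE_SCHEMES   = %w[http https mailto].freeze
URL_ATTRIBUTES = %w[href src].freeze
NAMED_REFS     = { "amp" => "&", "lt" => "<", "gt" => ">",
                   "quot" => '"', "apos" => "'" }.freeze
SCHEME         = /\A([a-z][a-z0-9+.\-]*):/

# Decode decimal (&#106;), hex (&#x6A;) and the basic named character
# references in ONE pass, as a browser does, so "&amp;#106;" is not
# double-decoded. The semicolon is optional, as browsers accept that too.
def decode_refs(value)
  value.gsub(/&(?:#x([0-9a-f]+)|#([0-9]+)|(amp|lt|gt|quot|apos));?/i) do
    if $3
      NAMED_REFS[$3.downcase]
    else
      cp = $1 ? $1.hex : $2.to_i
      invalid = cp > 0x10FFFF || (0xD800..0xDFFF).cover?(cp)
      invalid ? "\uFFFD" : cp.chr(Encoding::UTF_8)
    end
  end
end

# Bring the value into the form the browser will see before the scheme
# is inspected: decode references, drop the tab/newline/CR characters
# browsers ignore inside a URL, trim surrounding whitespace, lowercase.
def normalize_url(value)
  decode_refs(value.to_s).gsub(/[\t\n\r]/, "").strip.downcase
end

# True when the value carries a scheme that is not on the allow-list.
# Scheme-less (relative) URLs are accepted.
def unsafe_protocol?(value)
  m = SCHEME.match(normalize_url(value))
  return false unless m
  !SAFE_SCHEMES.include?(m[1])
end

# Keep only allow-listed attributes, and drop href/src whose normalised
# value has an unsafe scheme. attrs is a {name => value} hash.
def scrub_attributes(attrs, allowed)
  attrs.select do |name, value|
    allowed.include?(name) &&
      !(URL_ATTRIBUTES.include?(name) && unsafe_protocol?(value))
  end
end
```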