Rails Sanitize: Safety + Allow Embeds

We create a custom content site where we want users to be able to embed things like videos, slide shows, etc. Can anyone recommend a generally accepted list of tags / attributes that allow misinformation in rails to give us good security, but at the same time allow us to create a good amount of inline content / html formatting?

+5
3 answers

While you are disconnected, you should be able to resolve objects. You might even be able to determine the actual acceptable parameters for the object tags, so that you only allow whitelisting, and no objects can be included.

, , . , URL- YouTube, .

: - YouTube , - , .

0

, WYSIWYG Html- , , . :

  • - .
  • " " , OBJECT . .
  • , HTML.
  • ( HEADER BOLD + FONT-SIZE).
  • , , , , HTML.

CMS- , , , .
, ( , SO).

HTML .
, , - :

My Face: image- http://here.there/bla.gif

HTML :

<a class='image-link' title='My Face' href='http://here.there/bla.gif'>
  <img alt='My Face' src='http://here.there/bla.gif' />
</a>

, .

, GitHub markdown, - .

, , WYSIWYG.

,
.

0
0
