Why are the "tel:" links deleted during sanitation and how to resolve them

Question

Why are the "tel:" links deleted during sanitation and how to resolve them

I use the Rails sanitize helper to clear text input from users, which can be formatted as markdowns.

I noticed that the method removes links tel:, and I wonder why and how I can resolve them.

>> sanitize("<a href='http://123'>click</a>")
=> "<a href=\"http://123\">click</a>"
>> sanitize("<a href='tel:123'>click</a>")
=> "<a>click</a>"

Of course, I tried to figure out the above page, but could not. I would prefer to avoid writing a “scrubber” class or any other class for this simple task.

I also tried what, in my opinion, means "allow all hrefs", but it had no effect (even after restarting the server).

# In config/application.rb
config.action_view.sanitized_allowed_attributes = ['href']

+4

ruby-on-rails ruby-on-rails-4

Dannyb Feb 27 '16 at 14:24

source share

1

varunvlalan · Accepted Answer · 2016-02-27T15:01:36+0000

Rails 4 Loofah HTML. , .

Rails .

, Loofah::HTML5::WhiteList::ALLOWED_PROTOCOLS tel , , .

:

, tel .
Loofah:: HTML5:: :: ALLOWED_PROTOCOLS.add( '')
, .

Why are the "tel:" links deleted during sanitation and how to resolve them

More articles: