
I am specifically developing an app in Ruby on Rails, and I find that the Ruby gem "sanitize" is very useful for cleaning user input, but it does not remove inline JavaScript, which makes it rather useless.

I have gone through these, but that does not sanitize inline JavaScript.

Is there any better way to do this (any gems or so)?

Community
funtime
  • Where are you printing it to? – alex Sep 21 '12 at 07:04
  • Basically, the user can make a post... and I sanitized that input using the "sanitize" gem... but then found later that the gem doesn't take care of inline JavaScript... I didn't know how to work around inline JavaScript – funtime Sep 21 '12 at 07:10

1 Answer


Well, you can set a whitelist for Sanitize to only allow specific tags and attributes, so I guess you already got what you are looking for:

require 'sanitize'

# html is the untrusted user-submitted fragment.
# Only <a> and <span> survive; every other element is stripped.
# <a> keeps href and title, <span> keeps class; any attribute not listed
# (onclick and the other on* handlers included) is dropped, and href must
# use http, https or mailto, so javascript: URLs are removed as well.
Sanitize.clean(html, :elements => ['a', 'span'],
    :attributes => {'a' => ['href', 'title'], 'span' => ['class']},
    :protocols => {'a' => {'href' => ['http', 'https', 'mailto']}})

Snipped from http://wonko.com/post/sanitize

EJTH
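The answer's point is that an allowlist keeps inline JavaScript out only as long as the allowlist itself never admits it. As an added example (not part of the original answer and not code from the Sanitize gem), the following Ruby script audits a config in the same shape the answer passes to Sanitize.clean and reports the entries that would let script back in: event-handler attributes, style attributes, URL attributes with no :protocols restriction, and a javascript protocol or script-bearing element on the list. The names audit_sanitize_config, URL_ATTRIBUTES, SCRIPT_ELEMENTS, SAFE_CONFIG and WEAK_CONFIG are this example's own, and it assumes string keys as in the answer.

```ruby
# Added example: audit a Sanitize-style allowlist for entries that would
# admit inline JavaScript. Not from the original answer or the Sanitize gem.

# Same config shape as the answer passes to Sanitize.clean.
SAFE_CONFIG = {
  :elements   => ['a', 'span'],
  :attributes => {'a' => ['href', 'title'], 'span' => ['class']},
  :protocols  => {'a' => {'href' => ['http', 'https', 'mailto']}}
}.freeze

# Constructed, deliberately weak config to show what the audit flags.
WEAK_CONFIG = {
  :elements   => ['a', 'img', 'span'],
  :attributes => {'a' => ['href', 'onclick'], 'img' => ['src', 'onerror'], 'span' => ['style']},
  :protocols  => {'a' => {'href' => ['http', 'javascript']}}
}.freeze

# Attributes whose value is a URL and therefore need a :protocols entry.
URL_ATTRIBUTES = {
  'a' => ['href'], 'img' => ['src'], 'iframe' => ['src'],
  'form' => ['action'], 'object' => ['data']
}.freeze

# Elements that carry script or foreign content and should not be
# allowlisted for untrusted input.
SCRIPT_ELEMENTS = ['script', 'iframe', 'object', 'embed'].freeze

# Returns an array of human-readable findings; [] means nothing was flagged.
def audit_sanitize_config(config)
  findings = []

  Array(config[:elements]).map(&:to_s).each do |element|
    findings << "<#{element}>: script-bearing element is allowlisted" if SCRIPT_ELEMENTS.include?(element)
  end

  (config[:attributes] || {}).each do |element, names|
    element = element.to_s
    Array(names).map(&:to_s).each do |name|
      if name.start_with?('on')
        findings << "#{element}[#{name}]: event-handler attribute lets inline script through"
      elsif name == 'style'
        findings << "#{element}[style]: inline CSS is allowed; restrict it or drop it"
      elsif (URL_ATTRIBUTES[element] || []).include?(name)
        # Sanitize only checks a URL attribute's scheme when :protocols lists it.
        allowed = (config[:protocols] || {}).dig(element, name)
        if allowed.nil?
          findings << "#{element}[#{name}]: URL attribute has no :protocols entry, so javascript: URLs pass"
        elsif allowed.map(&:to_s).include?('javascript')
          findings << "#{element}[#{name}]: 'javascript' is an allowed protocol"
        end
      end
    end
  end

  findings
end

if __FILE__ == $0
  [['SAFE_CONFIG', SAFE_CONFIG], ['WEAK_CONFIG', WEAK_CONFIG]].each do |label, cfg|
    findings = audit_sanitize_config(cfg)
    puts "#{label}: #{findings.empty? ? 'no findings' : "#{findings.size} finding(s)"}"
    findings.each { |f| puts "  - #{f}" }
  end
end
```

Run it as a plain script: the answer's config produces no findings, while the constructed weak config produces five. The check is a review aid for the config hash only; the actual stripping is still done by Sanitize, which parses the HTML rather than pattern-matching it.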