Is there a way to have the ActionView::Helpers::SanitizeHelper#sanitize method escape the offending HTML rather than just completely removing it?

I would use h but I need the sanitize method because you can set it to ignore certain tags.

user545139

2 Answers

You can also use Ruby's CGI::escapeHTML method.

require 'cgi'  # CGI.escapeHTML lives in the standard library's cgi module
self.content = CGI::escapeHTML(self.content)
nottombrown

The built-in sanitize method is merely a shortcut utility, and doesn't even handle malformed markup.

Please do yourself a favor and check out http://github.com/rgrove/sanitize

You can build filters for specific tags, and it is highly customizable.

Unixmonkey
  • This gem is much better than the built-in function, but I still don't see how to escape the offending HTML rather than removing it. Now that I think about it, it's probably not possible, as both of these are designed to handle attributes as well, and you can't just escape attributes. – user545139 May 18 '11 at 12:40
  • I now see the `:transformers` option – user545139 May 18 '11 at 13:30
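An added example, not from either answer or from the sanitize gem, of the escape-rather-than-strip behaviour the question asks for, built in plain Ruby on top of CGI.escapeHTML: allowlisted tags with no attributes pass through, and everything else (disallowed tags, and allowed tags that carry attributes, since as the comment notes attributes cannot be partially escaped) is escaped so it renders as literal text. The tag allowlist and the sample input are assumptions made up for the example.

```ruby
require 'cgi'

# Tags allowed to pass through untouched (assumed allowlist for this example).
# Everything else, including allowed tags that carry attributes, is escaped as
# text so the reader sees the markup literally instead of it being dropped.
ALLOWED_TAGS = %w[b i em strong p br].freeze

# A "bare" tag: open or close, a tag name, optional self-closing slash,
# and no attributes at all (e.g. <b>, </em>, <br/>).
BARE_TAG = %r{\A</?([A-Za-z][A-Za-z0-9]*)\s*/?>\z}

# Tokenizes the input into tag-like chunks, text runs and stray '<'
# characters. The three alternatives cover every character, so no input
# byte reaches the output without passing through one of the branches.
TOKEN = /<[^<>]*>|[^<]+|</

# Returns html with only bare allowlisted tags kept as markup; every other
# token is HTML-escaped. Pre-existing entities in text runs get escaped
# again (&amp; becomes &amp;amp;), the same as Rails' h helper does.
def escape_disallowed(html, allowed = ALLOWED_TAGS)
  html.gsub(TOKEN) do |token|
    m = BARE_TAG.match(token)
    if m && allowed.include?(m[1].downcase)
      token                  # allowlisted tag with no attributes: keep as markup
    else
      CGI.escapeHTML(token)  # anything else: display it, never interpret it
    end
  end
end

# Constructed sample input, not taken from the original question.
SAMPLE = '<b>bold</b> <b onclick="x()">click</b> <script>alert(1)</script> a < b & c'

puts escape_disallowed(SAMPLE)
```

The output keeps `<b>bold</b>` as markup while the attributed `<b>`, the `<script>` element and the bare `<` all come out as visible, inert text.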