That's what I meant. But if you override the show page, don't you (or rather your users) become susceptible to cross site scripting attacks, etc? I was just wondering if people used some sort of markup language like textile or markdown to limit the tags users can input, etc. rather than allowing them to input full html.
Carl On Mon, Jun 1, 2009 at 5:12 AM, Sergio Cambra .:: entreCables S.L. ::. < [email protected]> wrote: > On Lunes, 1 de Junio de 2009 13:27:46 Carl Anderson escribió: > > So do you then just display the record without using the h method, since > > from what I recall it escapes the html tags out? > > > I don't show those fields in list or show pages. But you can define a new > form_ui which don't use h method, or define a field override for your list > or show page which don't use the h method. > > > > > > Carl > > > > On Mon, Jun 1, 2009 at 12:19 AM, Sergio Cambra .:: entreCables S.L. ::. < > > > > [email protected]> wrote: > > > On Sábado, 30 de Mayo de 2009 19:25:59 Carl escribió: > > > > I need my users to be able to add some markup to the text they enter > > > > in my app so that is isn't just plain text but I've never bothered > > > > with that before. Does anyone have any solutions that they felt > worked > > > > really well? I see so many options, textile, markdown, etc but I > don't > > > > know what to choose. I need them to be able to easily do things like > > > > bold text, italics, new paragraph, link to pages, images, etc. All > > > > preferably a lot easier than teaching them html as some of them are > > > > not very technical, and their are potential security risks, or > course. > > > > > > > > Any suggestions would be great welcome, even if it is "Don't use > > > > <this>, I had a lot of problems with it!" etc. > > > > > > I use tinymce: > > > http://tinymce.moxiecode.com/ > > > > > > > > > -- > > > Sergio Cambra .:: entreCables S.L. ::. > > > Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza > > > T) 902 021 404 F) 976 52 98 07 E) [email protected] > > > > > > > -- > Sergio Cambra .:: entreCables S.L. ::. > Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza > T) 902 021 404 F) 976 52 98 07 E) [email protected] > > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "ActiveScaffold : Ruby on Rails plugin" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/activescaffold?hl=en -~----------~----~----~----~------~----~------~--~---
