On Monday, June 1, 2009 19:20:14, Carl Anderson wrote:
> That's what I meant. But if you override the show page, don't you (or
> rather your users) become susceptible to cross site scripting attacks, etc?
> I was just wondering if people used some sort of markup language like
> textile or markdown to limit the tags users can input, etc. rather than
> allowing them to input full html.

You can restrict tags in tinymce, in order to avoid tags susceptible to being used for attacks.

> Carl
>
> On Mon, Jun 1, 2009 at 5:12 AM, Sergio Cambra .:: entreCables S.L. ::. <[email protected]> wrote:
> > On Monday, June 1, 2009 13:27:46, Carl Anderson wrote:
> > > So do you then just display the record without using the h method,
> > > since from what I recall it escapes the html tags out?
> >
> > I don't show those fields in list or show pages. But you can define a new
> > form_ui which doesn't use the h method, or define a field override for your
> > list or show page which doesn't use the h method.
> >
> > > Carl
> > >
> > > On Mon, Jun 1, 2009 at 12:19 AM, Sergio Cambra .:: entreCables S.L. ::. <[email protected]> wrote:
> > > > On Saturday, May 30, 2009 19:25:59, Carl wrote:
> > > > > I need my users to be able to add some markup to the text they
> > > > > enter in my app so that it isn't just plain text but I've never
> > > > > bothered with that before. Does anyone have any solutions that they
> > > > > felt worked really well? I see so many options, textile, markdown,
> > > > > etc but I don't know what to choose. I need them to be able to
> > > > > easily do things like bold text, italics, new paragraph, link to
> > > > > pages, images, etc. All preferably a lot easier than teaching them
> > > > > html as some of them are not very technical, and there are
> > > > > potential security risks, of course. Any suggestions would be
> > > > > greatly welcome, even if it is "Don't use <this>, I had a lot of
> > > > > problems with it!" etc.
> > > >
> > > > I use tinymce:
> > > > http://tinymce.moxiecode.com/
> > > >
> > > > --
> > > > Sergio Cambra .:: entreCables S.L. ::.
> > > > Nicolás Guillén 6, locales 2 y 3. 50.018 Zaragoza
> > > > T) 902 021 404 F) 976 52 98 07 E) [email protected]
> >
> > --
> > Sergio Cambra .:: entreCables S.L. ::.

--
Sergio Cambra .:: entreCables S.L. ::.
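
The thread turns on displaying user-entered rich text without the `h` escape while still limiting which tags get through. As an added example (not code from the thread, ActiveScaffold or TinyMCE), here is one way to enforce a tag allowlist on the server at render time, since an editor-side restriction does not constrain input that never passes through the editor: escape everything first, then restore only the allowlisted tags. The tag list, the name `render_user_markup` and the sample inputs are assumptions made for this example.

```ruby
require 'cgi'

# Hypothetical allowlist for this example: formatting tags, no attributes.
ALLOWED_TAGS = %w[b i em strong p br ul ol li].freeze

# Escaped form of an attribute-free allowlisted tag, e.g. "&lt;/em&gt;"
# or "&lt;br /&gt;". Any tag carrying attributes does not match.
PLAIN_TAG = %r{&lt;(/?)(#{ALLOWED_TAGS.join('|')})\s*/?&gt;}i

# Escaped form of <a href="http(s)://...">text</a>. The URL class excludes
# '&' and whitespace, so no escaped quote or bracket can sit inside it,
# and schemes other than http/https never match.
LINK = %r{&lt;a\s+href=&quot;(https?://[^&\s]+)&quot;&gt;(.*?)&lt;/a&gt;}im

# Returns HTML in which every tag was generated here from the allowlist;
# everything else the user typed stays entity-escaped text.
def render_user_markup(input)
  CGI.escapeHTML(input.to_s)
     .gsub(LINK) { %(<a href="#{$1}" rel="nofollow">#{$2}</a>) }
     .gsub(PLAIN_TAG) { "<#{$1}#{$2.downcase}>" }
end

if __FILE__ == $0
  # Constructed sample inputs.
  [
    '<b>bold</b> and <i>italic</i>',
    '<script>alert(1)</script>',
    '<b onclick="x()">hi</b>',
    '<a href="http://example.com/page">link</a>',
    '<a href="javascript:alert(1)">x</a>'
  ].each { |s| puts render_user_markup(s) }
end
```

The function does not balance tags, so an unmatched closing tag such as `</b>` can still affect layout, but no element or attribute outside the allowlist reaches the page.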
