Hi, I'm allowing users to upload HTML stuff, what can I use to
sanitize it? h() is not good as it escapes everything, and I've found
that the Rails sanitize() is too strict, it also sanitizes CSS style
attributes, so users cannot personalize their HTML... I'd like
something which permits including code like YouTube embeds, CSS
styles (only inline, not by external link), which strips stuff like
html, head and keeps just the body, and all the script tags or btw
everything which could cause XSS and other problems... What do you
suggest?