Hi, I want to permit users to send their own content, text, HTML, and
stuff like that. It should also permit them to send their own design,
using div, span, internal style attributes and so on. Obviously I'd like
to protect everything by forbidding JavaScript, but permitting object and
embedded (for YouTube, gvideo, etc).
From a previous post the suggestion was wonko/sanitize:
http://www.ruby-forum.com/topic/186697
But I've not found time to try it yet.
Btw, my question now is another: how can I remove external links, while
keeping the link text and internal links?
I mean, if a user inserts "<a href="http://externaldomain.com">my
site</a>" it should be sanitized to just "my site"; if instead he inserts
"<a href="http://domain.com">read this page</a>" it should keep it as it
is (domain.com is "whitelisted"). And it should also remove others like
mailto:, ftp:, etc. (just keep http and https).
Any hints about this? (considering the first lines about styles, and
which sanitizer to use)
Thank you
-- 
Posted via http://www.ruby-forum.com/.
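
The link rule asked about above, as an added example (not part of the original post, and not code from any sanitizer library): a per-href decision function using only Ruby's standard `URI`, meant to be called for each `<a>` element by whatever parser-based sanitizer handles the markup. The allowlisted hosts and the name `link_action` are assumptions.

```ruby
require "uri"

# Assumed policy values (constructed for this example, not from the post).
ALLOWED_SCHEMES = %w[http https].freeze
ALLOWED_HOSTS   = %w[domain.com www.domain.com].freeze

# Returns :keep to leave the <a> element in place, or :unwrap to drop the
# tag and keep only its text. Anything that cannot be parsed is unwrapped.
def link_action(href)
  # Browsers drop tabs/newlines inside a URL and ignore surrounding
  # whitespace and control characters, so do the same before parsing.
  url = href.to_s.gsub(/[\t\r\n]/, "").gsub(/\A[\x00-\x20]+|[\x00-\x20]+\z/, "")
  # Browsers read "\" as "/", which would turn "\\host" into "//host".
  return :unwrap if url.empty? || url.include?("\\")

  uri    = URI.parse(url)
  scheme = uri.scheme&.downcase
  host   = uri.host&.downcase

  if scheme.nil? && host.nil?
    :keep      # relative path or fragment: internal link
  elsif scheme && !ALLOWED_SCHEMES.include?(scheme)
    :unwrap    # mailto:, ftp:, javascript:, data:, ...
  elsif ALLOWED_HOSTS.include?(host)
    :keep      # absolute or protocol-relative URL on an allowlisted host
  else
    :unwrap    # external host, or an allowed scheme with no host
  end
rescue URI::Error
  :unwrap
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample hrefs covering the cases from the question.
  ["http://domain.com/page", "http://externaldomain.com", "/about",
   "mailto:someone@domain.com", "ftp://domain.com/file",
   "//externaldomain.com/x", "http://domain.com@externaldomain.com/"].each do |h|
    puts format("%-42s %s", h.inspect, link_action(h))
  end
end
```

The host comparison is an exact match against the parsed host, so a URL that merely contains `domain.com` in its userinfo or path is still treated as external.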