I installed RedCloth into my app so that it could use Textile.
However, it seems that textilize (the function used to parse the
Textile stuff) and h aren't compatible. If I do
<%= textilize h @mymessage %> it doesn't work. If I take out the h it
works, but then I leave myself open to XSS. Is there a way to get
around this? Essentially I was trying to allow users to do basic HTML
functions and weed out JavaScript.