I have a system where users can post comments.
Comments are plain text.
To fix my problem, I format the comment by replacing `\n` with a BR tag.
In fact, I can do something like this:

    s.gsub(/\n/, '<br />')
But the XSS protection built into Rails escapes the BR tags.
If I do this:

    s.gsub(/\n/, '<br />').html_safe  # mark the result as safe so the BR tags are not escaped

But then, all tags are
Thanks.
Edit: due to a major security problem....
So my question is: now I have added

    class String
      def sanitize
        # strip anything that looks like an HTML tag (the regex was garbled in the post; reconstructed)
        self.gsub(/<.*?>/, '')
      end

      def nl2br
        self.sanitize.gsub(/\n/, '<br />').html_safe
      end
    end
As Ryan Bigg suggested, simple_format
is the best tool for the job: compared to other solutions, it is safe enough.
It is as simple as:

    <%= simple_format(@var) %>

If you want to strip HTML tags from the text, you should do that before simple_format.
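An added example in plain Ruby (not code from the question or the answer, and not Rails' own implementation), using only the erb standard library: the asker's "replace newlines, then trust the string" ordering beside an escape-first nl2br, plus a reduced approximation of what simple_format does. The names unsafe_nl2br, safe_nl2br and simple_format_like are my own.

```ruby
require "erb"

# The asker's ordering: newline -> <br /> on the raw text, after which the
# string would be marked html_safe. Any tag the user typed survives untouched.
def unsafe_nl2br(text)
  text.to_s.gsub(/\r?\n/, "<br />")
end

# Safe ordering: escape the untrusted text FIRST, then insert the only markup
# we intend to emit. Escaping turns '<' into '&lt;', so a user-supplied tag
# can no longer be interpreted by the browser, while our <br /> is added after.
def safe_nl2br(text)
  ERB::Util.html_escape(text.to_s).gsub(/\r?\n/, "<br />")
end

# A reduced approximation of Rails' simple_format (not its real source):
# escape, normalise line endings, split paragraphs on blank lines, wrap each
# in <p>, and turn the remaining single newlines into <br />.
def simple_format_like(text)
  escaped = ERB::Util.html_escape(text.to_s).gsub(/\r\n?/, "\n")
  escaped.split(/\n\n+/)
         .map { |para| "<p>" + para.gsub(/\n/, "<br />") + "</p>" }
         .join("\n\n")
end

# Constructed sample comment: a line break plus a tag the user typed.
SAMPLE_COMMENT = "first line\n<b>second</b> line"

if __FILE__ == $0
  puts unsafe_nl2br(SAMPLE_COMMENT)     # tag is still live markup
  puts safe_nl2br(SAMPLE_COMMENT)       # tag is escaped, <br /> is ours
  puts simple_format_like("a\nb\n\nc")  # <p>a<br />b</p> / <p>c</p>
end
```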