Rails HTML Tags sanitize

my_text = "Here is some basic text...\n...with a line break."

# 默认输出
simple_format(my_text)
# => "<p>Here is some basic text...\n<br />...with a line break.</p>"
# 可以看到默认情况下是用 <p> 将每行包起来

# 添加外部标签
simple_format(my_text, {}, wrapper_tag: "div")
# => "<div>Here is some basic text...\n<br />...with a line break.</div>"

more_text = "We want to put a paragraph...\n\n...right there."

# 两个换行符产生一个新段
simple_format(more_text)
# => "<p>We want to put a paragraph...</p>\n\n<p>...right there.</p>"

# 添加样式
simple_format("Look ma! A class!", class: 'description')
# => "<p class='description'>Look ma! A class!</p>"

# 过滤不支持的标签，如这里的 <blink>
simple_format("<blink>Unblinkable.</blink>")
# => "<p>Unblinkable.</p>"

# 设置 sanitize 为 false，不过滤标签
simple_format("<blink>Blinkable!</blink> It's true.", {}, sanitize: false)
# => "<p><blink>Blinkable!</blink> It's true.</p>"

class Application < Rails::Application
  ......
  + config.action_view.sanitized_allowed_tags = Rails::Html::WhiteListSanitizer.allowed_tags + %w(table tr td)
  + config.action_view.sanitized_allowed_attributes = Rails::Html::WhiteListSanitizer.allowed_attributes + %w(style border)
end

Similar Posts

• Rails 5 使用 Migration 来操作数据库
• Rails 5 使用 `rake db:seed` 添加测试数据
• Rails 5 渲染 Markdown 及实现代码高亮
• Rails 5 中使用CarrierWave 在 `remote: true` 实现上传图片不成功
• Rails 5 中 accepts_nested_attributes_for 不起作用
• 在 Rails 中使用 Bulma　框架

Comments(需要科学上网)