
Added SanitizeHelper to rails guide docs [ci skip]

Added SanitizeHelper to rails guide docs [ci skip]

Added SanitizeHelper to rails guide docs update [ci skip]
commit e97e89515187072063f353eee3a220c26aaf9afa 1 parent 7d7c9f4
Toby Sims authored

Showing 1 changed file with 66 additions and 0 deletions.

66  guides/source/action_view_overview.md
@@ -1520,6 +1520,72 @@ number_with_precision(111.2345)     # => 111.235
1520 1520
 number_with_precision(111.2345, 2)  # => 111.23
1521 1521
 ```
1522 1522
 
  1523
+### SanitizeHelper
  1524
+
  1525
+The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements.
  1526
+
  1527
+#### sanitize
  1528
+
  1529
+This sanitize helper will html encode all tags and strip all attributes that aren’t specifically allowed.
  1530
+
  1531
+```ruby
  1532
+sanitize @article.body
  1533
+```
  1534
+
  1535
+If either the :attributes or :tags options are passed, only the mentioned tags and attributes are allowed and nothing else.
  1536
+
  1537
+```ruby
  1538
+sanitize @article.body, tags: %w(table tr td), attributes: %w(id class style)
  1539
+```
  1540
+
  1541
+To change defaults for multiple uses, for example adding table tags to the default:
  1542
+
  1543
+```ruby
  1544
+class Application < Rails::Application
  1545
+  config.action_view.sanitized_allowed_tags = 'table', 'tr', 'td'
  1546
+end
  1547
+```
  1548
+
  1549
+#### sanitize_css(style)
  1550
+
  1551
+Sanitizes a block of CSS code.
  1552
+
  1553
+#### strip_links(html) 
  1554
+Strips all link tags from text leaving just the link text.
  1555
+
  1556
+```ruby
  1557
+strip_links("<a href="http://rubyonrails.org">Ruby on Rails</a>")
  1558
+# => Ruby on Rails
  1559
+```
  1560
+
  1561
+```ruby
  1562
+strip_links("emails to <a href="mailto:me@email.com">me@email.com</a>.")
  1563
+# => emails to me@email.com.
  1564
+```
  1565
+
  1566
+```ruby
  1567
+strip_links('Blog: <a href="http://myblog.com/">Visit</a>.')
  1568
+# => Blog: Visit.
  1569
+```
  1570
+
  1571
+#### strip_tags(html) 
  1572
+
  1573
+Strips all HTML tags from the html, including comments. 
  1574
+This uses the html-scanner tokenizer and so its HTML parsing ability is limited by that of html-scanner.
  1575
+
  1576
+```ruby
  1577
+strip_tags("Strip <i>these</i> tags!")
  1578
+# => Strip these tags!
  1579
+```
  1580
+
  1581
+```ruby
  1582
+strip_tags("<b>Bold</b> no more!  <a href='more.html'>See more</a>")
  1583
+# => Bold no more!  See more
  1584
+```
  1585
+
  1586
+NB: The output may still contain unescaped ‘<’, ‘>’, ‘&’ characters and confuse browsers.
  1587
+
  1588
+
1523 1589
 Localized Views
1524 1590
 ---------------
1525 1591
 
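Review bot: The first two `strip_links` examples (added lines 1557 and 1562) nest double quotes inside a double-quoted string, e.g. `strip_links("<a href="http://rubyonrails.org">Ruby on Rails</a>")`, so they are not valid Ruby as written and a reader who pastes them gets a syntax error. Wrap the argument in single quotes, as the third example at line 1567 already does. While there: the `#### strip_links(html)` heading at 1553 is missing the blank line that follows every other heading in this section, and lines 1553, 1571 and 1573 carry trailing whitespace. The NB at 1586 sits after the `strip_tags` examples with nothing tying it to that helper; since it is the only caveat in the section about output that is still unsafe to treat as escaped HTML, it would help to name `strip_tags` in the sentence so readers do not skim past it or assume it covers `sanitize` as well.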
