HELP !!! Rails HTML sanitizer to remove HTML tags

Hi, I am new to Rails and lately was introduced to FCK editor for formatting text. Do you have any idea about how we can sanitize strings? I am using FCK editor for my text areas, but because of that the data in the database is completely filled with HTML tags used for formatting the data, e.g. <p><b> text </b></p> etc.

But I need to show the formatted text at some instances whereas normal text at other instances. Do let me know if we can somehow sanitize the text and strip off the html tags from it.

Thanks a lot, Jon

Hi,

Hpricot is a very flexible HTML parser, based on Tanaka Akira’s HTree and John Resig’s JQuery, but with the scanner recoded in C (using Ragel for scanning.) I’ve borrowed what I believe to be the best ideas from these wares to make Hpricot heaps of fun to use.

Installing Hpricot

You may get the latest stable version from Rubyforge. Win32 binaries and source gems are available.

$ gem install hpricot

As Hpricot is still under active development, you can also try the most recent candidate build here:

$ gem install hpricot --source http://code.whytheluckystiff.net

The development gem is usually in pretty good shape actually. You can also get the bleeding edge code or plain Ruby tarballs on the wiki.

For more Details:

Please see the link

http://code.whytheluckystiff.net/hpricot/

If I remember correctly, the acts_as_textiled plugin lets you show textiled text without the tags, or with - based on parameters passed.

In my experience editors like fck cause more problems than they solve - textile is a lot better behaved. However, it obviously depends on your needs.

Regards Ivor

I'd try asking on Ruby on Rails: Talk for this sort of thing.

http://groups.google.com/group/rubyonrails-talk

It would be nice if you didn’t crosspost on the Prototype/scriptaculous list, because that’s not the appropriate place for it.

You can use strip_tags in your view to strip out all the tags. Quite logical, as was to be expected by the Rails framework and Ruby in general.

Best regards

Peter De Berdt

You should look at the white_list plugin if you're using an older version of Rails, though; strip_tags wasn't really that secure till 2.0.

http://svn.techno-weenie.net/projects/plugins/white_list/

http://www.rorsecurity.info/2007/08/17/dont-use-strip_tags-strip_links-and-sanitize/
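An added example, not part of the thread and not Rails' own strip_tags code, showing why pattern-based tag stripping needs a fixed-point loop and a final escape before stored editor markup is shown as plain text. The names TAG, naive_strip, plain_text and the SAMPLES strings are constructed for illustration.

```ruby
require 'erb'

# Pattern for something that looks like an opening or closing tag.
# Hypothetical single-pass stripper, NOT Rails' strip_tags implementation.
TAG = /<\/?[a-z][^>]*>/i

def naive_strip(html)
  html.gsub(TAG, '')
end

# Hardened plain-text rendering (hypothetical helper):
#  1. strip until the string stops changing, so markup that only becomes a
#     tag after an inner tag is removed is caught on a later pass;
#  2. HTML-escape the remainder, so a stray '<' or an unterminated tag is
#     displayed as text instead of being parsed by the browser.
def plain_text(html)
  text = html.to_s
  loop do
    stripped = naive_strip(text)
    break if stripped == text   # fixed point reached
    text = stripped
  end
  ERB::Util.html_escape(text)
end

# Constructed sample inputs.
SAMPLES = {
  editor:   '<p><b> text </b></p>',        # typical rich-text editor output
  nested:   '<<b>script>x<</b>/script>',   # a tag reassembles after one pass
  unclosed: 'price < 5 <img src=x'         # no closing '>' for the pattern
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, html|
    puts "#{name}: naive=#{naive_strip(html).inspect} " \
         "hardened=#{plain_text(html).inspect}"
  end
end
```

In a Rails view the same rule applies to the output of any stripping helper: treat the result as untrusted text and let the template escape it rather than marking it as safe HTML.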