HELP !!! RAils HTML sanitizer to remove html tags

I am new to rails and lately was introduced to FCK editor for formatting text.
Do you have any idea about how can we sanitize strings.
I am using FCK editor for my text areas but because of that the data in the database is completely filled with HTML tags used for formatting the data/.
eg: <p><b> text </b></p> etc...

But I need to show the formatted text at some instances whereas normal text at other instances.
Do let me know if we can somehow sanitize the text and strip off the html tags from it.

Thanx a lot


Hpricot is a very flexible HTML parser, based on Tanaka Akira’s HTree and John Resig’s JQuery, but with the scanner recoded in C (using Ragel for scanning.) I’ve borrowed what I believe to be the best ideas from these wares to make Hpricot heaps of fun to use.

Installing Hpricot

You may get the latest stable version from Rubyforge. Win32 binaries and
source gems are available.

$ gem install hpricot

As Hpricot is still under active
development, you can also try the most recent candidate build here:

$ gem install hpricot --source [](

The development gem is usually in pretty good shape actually. You can also
get the bleeding edge code or plain Ruby tarballs on the wiki.

For more Details:

Please see the link

If I remember correctly, the acts_as_textiled plugin lets you show textiled text without the tags, or with - based on parameters passed.

In my experience editors like fck cause more problems than they solve - textile is a lot better behaved. However, it obviously depends on your needs.


I'd try asking on Ruby on Rails: Talk for this sort of thing.

It would be nice if you didn’t crosspost on the Prototype/scripaculous list, because that’s not the appropriate place for it.

You can use strip_tags in your view to strip out all the tags. Quite logical, as was to be expected by the Rails framework and Ruby in general.

Best regards

Peter De Berdt

you should look at the white_list plugin if you're using an older
version of rails though, strip_tags wasn't really that secure till 2.0