Is there a way I can take away JavaScript from a user input but let them use HTML? Or rather, is there a built-in function that just takes away <script> and leaves all the other tags intact or would I have to make one myself?
Mike C wrote:
Is there a way I can take away JavaScript from a user input but let them use HTML? Or rather, is there a built-in function that just takes away <script> and leaves all the other tags intact or would I have to make one myself?
You probably want sanitize:
http://api.rubyonrails.com/classes/ActionView/Helpers/SanitizeHelper.html#M000936
It will make JavaScript and forms innocuous, leaving everything else intact. You can easily customize it to suit your requirements.
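
The allowlist idea behind `sanitize`, shown as an added example that is not part of the original thread and is not Rails's implementation: only tags and attributes on an explicit list are re-emitted, and everything else is HTML-escaped so it renders as inert text. The method names, the tag and attribute lists and `SAFE_URL` are assumptions made for illustration; in an application, call the Rails helper itself.

```ruby
require "erb"      # ERB::Util.html_escape, the routine behind the `h` helper
require "strscan"

# Allowlist assumed for this example; it is not Rails's default list.
ALLOWED_TAGS  = %w[a b i em strong p br ul ol li].freeze
ALLOWED_ATTRS = { "a" => %w[href title] }.freeze
SAFE_URL      = %r{\A(?:https?://|mailto:|/|#)}i
ATTR          = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)')/
# A well-formed tag: optional "/", a name, zero or more quoted attributes.
TAG           = %r{<(/)?([a-zA-Z][a-zA-Z0-9]*)((?:\s+#{ATTR.source})*)\s*/?>}

# Re-serialize an allowed tag from scratch, keeping only allowed attributes.
def rebuild_tag(closing, name, raw_attrs)
  return "</#{name}>" if closing
  attrs = raw_attrs.scan(ATTR).filter_map do |key, dq, sq|
    key   = key.downcase
    value = dq || sq
    next unless ALLOWED_ATTRS.fetch(name, []).include?(key)
    next if key == "href" && value !~ SAFE_URL   # URL schemes are allowlisted too
    %( #{key}="#{ERB::Util.html_escape(value)}")
  end
  "<#{name}#{attrs.join}>"
end

# Escape by default; only allowlisted tags survive as markup.
# Existing entities in the input get escaped again: lossy, but safe.
def sanitize_fragment(html)
  out = +""
  s = StringScanner.new(html)
  until s.eos?
    if (text = s.scan(/[^<]+/))
      out << ERB::Util.html_escape(text)
    elsif s.scan(TAG)
      name = s[2].downcase
      out << (ALLOWED_TAGS.include?(name) ? rebuild_tag(s[1], name, s[3]) : ERB::Util.html_escape(s.matched))
    else
      out << ERB::Util.html_escape(s.getch)   # "<" that starts no well-formed tag
    end
  end
  out
end

# Constructed sample input.
puts sanitize_fragment('<b>hi</b><script>alert(1)</script>')
```

Removing only `<script>` would leave event-handler attributes, script-bearing URLs and forms in place, which is why the helper works from a list of what is permitted rather than a list of what is forbidden.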