sanitize_params + whiteList

Tom_Z_Meinlschmidt · May 7, 2009, 8:28pm

hi, what about to put

WhiteListHelper.tags += %w(a em p strong blockquote h2 ul li)

into app/helpers/application_helper.rb ?

instead of config/...

tom

Petan Cert wrote:

11175 · May 8, 2009, 7:41am

Hi Tom,

I've moved the whitelistHelper tag to application_helper.rb, but it still strips all the tags.

Thx, Pete

Tom Z Meinlschmidt wrote:

Topic		Replies	Views
plans for insecure text helpers rubyonrails-core	1	152	August 16, 2007
anyone here familiar with white_list plugin? rubyonrails-talk	0	98	February 21, 2008
[Rails3] Whitelist Rails 3 aggressive sanitizer rubyonrails-talk	6	140	February 14, 2011
WhiteListHelper plugin not passing any tests rubyonrails-talk	1	139	May 16, 2007
Preventing XSS attacks in rails rubyonrails-talk	1	97	June 1, 2007