I have a user input form like
= simple_form_for(@user) do |f|
  = f.input :about_me, :input_html => {"data-fileupload" => "false", :class => "span12 rich_regular"}, :label => _("about_me")
and the field about_me is being sanitized at the model level like
sanitize_text :basic => [:about_me], :except => [:time_zone]
But when I copy any JS script like
<script>alert(hello)</script>
the above alert is being executed, i.e., the alert is being displayed. How should I prevent it from the front end? Kindly help.