I have constructed a whitelist of all the tags I want to allow when sanitizing a document which includes script tags and used ActionView::Helpers::SanitizeHelper to help with the sanitizing. My problem is that the script tag is allowed to display in the HTML source but the contents of the script are removed.
I can display without the sanitizing for this specific section of my application but would prefer to keep everything consistent.
This is my line of code for that sanitizing section:
#{sanitize @page.body, tags: t("sanitize.whitelist").split(/\s/), attributes: %w(id class style alt src href target)}
Any help would be appreciated before I just have to resort to removing sanitizing on this section.