Sunday, 25 October 2015

RAILS: is there something like "html_safe_if()", or how to make a string "html_safe" if only an allowed subset (e.g. &nbsp;) is used

My situation is that I want to allow some HTML special chars (and probably some simple tags like bold) as user input (and output them again).

AFAIK, the only way is to escape the buffer, then unescape the allowed things and make it html_safe.

Take this simple example:

out_string = "abcd&iquest;efgh"

renders abcd&iquest;efgh if not marked as html_safe, but renders abcd¿efgh if used with out_string.html_safe; that's not surprising.

What I would like to have is an "opt-out" variant of html_safe that looks like html_safe_if([191, 160, ...]). Currently I need to do this (or something alike):

@out_string = ERB::Util.html_escape(@out_string).gsub("&amp;iquest;", "&iquest;").html_safe

Escape it on my own, replace what is allowed and "html_safe it". Sure, I can put that as a function into the String class and put a bit more brain into the gsub, but isn't there a better, ready-made solution?
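The "escape everything, then restore only an allowlist" approach described in the post, written out as an added example (this is not the poster's code and not a Rails API). It generalises the single gsub to a codepoint allowlist like the html_safe_if([191, 160, ...]) the post asks for, plus a list of bare tag names; the entity table and the function name are assumptions. It uses only ERB::Util.html_escape from the Ruby standard library and returns a plain String, so in a Rails view you would call .html_safe on the result yourself.

```ruby
require "erb"

# Codepoint -> named entity for the characters the post mentions
# (191 = &iquest; "¿", 160 = &nbsp;). Constructed table; extend as needed.
ALLOWED_ENTITIES = { 191 => "iquest", 160 => "nbsp" }.freeze

# Escape the whole input, then put back only what the allowlist permits.
# allowed_codepoints: Integer codepoints whose named entity may appear.
# allowed_tags: bare tag names (e.g. "b") whose opening/closing tags may
# appear; tags with attributes stay escaped, so "<b onmouseover=...>" is
# never restored.
def html_safe_if(raw, allowed_codepoints, allowed_tags: [])
  escaped = ERB::Util.html_escape(raw)

  allowed_codepoints.each do |cp|
    name = ALLOWED_ENTITIES[cp]
    next unless name # unknown codepoint: nothing to restore

    entity = "&#{name};"
    # The user may have typed the entity text ("&iquest;"), which html_escape
    # turned into "&amp;iquest;" ...
    escaped = escaped.gsub("&amp;#{name};", entity)
    # ... or the literal character, which html_escape leaves alone; normalise
    # it to the entity so both spellings come out the same.
    escaped = escaped.gsub([cp].pack("U"), entity)
  end

  allowed_tags.each do |tag|
    escaped = escaped.gsub("&lt;#{tag}&gt;", "<#{tag}>")
                     .gsub("&lt;/#{tag}&gt;", "</#{tag}>")
  end

  escaped
end

if __FILE__ == $PROGRAM_NAME
  puts html_safe_if("abcd&iquest;efgh <script>x</script>", [191, 160])
  puts html_safe_if("<b>bold</b> <i>not allowed</i> <b onclick=1>no</b>",
                    [], allowed_tags: ["b"])
end
```

Because the restore step only matches exact entity names and bare tag names, anything outside the allowlist (other entities, tags with attributes, stray "<" and "&") remains escaped. If the "simple tags" part grows beyond a couple of names, Rails' sanitize view helper with its tags: option is the ready-made tool for that half of the problem.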
