My situation is that I want to allow some HTML special chars (and prob some simple tags like bold) as user input (and output again).
AFAIK, the only way is to escape the buffer, and then unescape the allowed things and make it html_safe.
Take this simple example:
out_string = "abcd&#191;efgh"
renders abcd&#191;efgh if not marked as html_safe, but renders abcd¿efgh if used with outstring.html_safe, that's not surprising.
What I would like to have is an "opt out" variant of html_safe that looks like html_safe_if([191, 160, ...]), therefore I need to do that (or something alike):
@out_string = ERB::Util.html_escape(@out_string).gsub("&amp;#191;", "&#191;").html_safe
Escape it on my own, replace what is allowed and "html_safe it". Sure, I can put that as a function into the String class and put a bit more brain into the gsub, but isn't there a better, a ready solution?
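
One way to write the html_safe_if idea asked about above, as an added example that is not part of the original post: escape everything first, then restore only allowlisted decimal character references and bare, correctly paired tags. The name allow_html_subset and its keyword arguments are assumptions, and it is plain Ruby with no Rails dependency.

```ruby
require 'erb'

# Added example. allow_html_subset and its keyword arguments are hypothetical
# names, not part of Rails or ERB.
def allow_html_subset(input, codepoints: [], tags: [])
  # 1. Escape everything, so the whole input starts out as inert text.
  out = ERB::Util.html_escape(input.to_s)

  # 2. Restore decimal character references whose code point is allowlisted.
  #    Escaping turned "&#191;" into "&amp;#191;". Hex references and
  #    anything not on the list stay escaped (fail closed).
  out = out.gsub(/&amp;#(\d{1,7});/) do
    codepoints.include?($1.to_i) ? "&#" + $1 + ";" : $&
  end

  # 3. Restore allowlisted tags only when they are bare (no attributes) and
  #    correctly paired. Innermost pairs are restored first; the lookahead
  #    refuses to cross a still-escaped "<", so unclosed or mis-nested tags
  #    are left as text.
  unless tags.empty?
    names = Regexp.union(tags.map(&:to_s)).source
    pair = /&lt;(#{names})&gt;((?:(?!&lt;).)*?)&lt;\/\1&gt;/m
    loop do
      restored = out.gsub(pair) { "<#{$1}>#{$2}</#{$1}>" }
      break if restored == out
      out = restored
    end
  end

  out
end

if __FILE__ == $0
  # Constructed sample inputs.
  puts allow_html_subset('abcd&#191;efgh', codepoints: [191, 160])
  puts allow_html_subset('<b>ok</b> <b onclick="x">no</b>', tags: %w[b])
end
```

In a Rails view the returned string would still need html_safe, which is only sound because every character was escaped before anything was restored. For the tag part alone, Rails also ships the sanitize helper with tags: and attributes: options.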