> html_escape(textilize(“< / body> Foo”))会破坏纺织品
> textilize(html_escape(“< / body> Foo”))可以工作,但会打破各种纺织品功能,如链接(写作“Linkname”:http://www.wheretogo.com/),因为引号会被转换进入& quot;因此不再被纺织品检测到.
>消毒不会做得更好.
有关那个的任何建议吗?我宁愿不使用Tidy来解决这个问题.
提前致谢.
解决方法
def safe_textilize( s ) if s && s.respond_to?(:to_s) doc = RedCloth.new( s.to_s ) doc.filter_html = true doc.to_html end end
摘自文档:
Accessors for setting security restrictions.
This is a nice thing if you‘re using RedCloth for formatting in
public places (e.g. Wikis) where you don‘t want users to abuse HTML for bad things.If
filter_html
is set,HTML which wasn‘t created by the Textile processor will be
escaped. Alternatively,ifsanitize_html
is set,HTML can pass through the Textile processor but unauthorized tags and attributes will be removed.
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。