CodeDump
user3631047 user3631047 - 1 year ago 127
HTML Question

How to save and retrieve HTML tags in database in rails?

I need to save and retrieve HTML tags in database in my rails app safely. Currently I save HTML without any validation like below:

<h2>Sample title</h2> 

<p>sample description</p>


and in the view I use
<%=raw @page.desription %>
. It works as expected. But I need to know if it is safe or not?

Edd Morgan Edd Morgan
Answer Source

You can never be sure it is safe. Always treat all user input as hostile.

However, if by "safe" you mean "devoid of potentially really harmful elements like <script>s and <style>s", then I present to you the Sanitization Helper. You can print your HTML from the database and only allow a certain whitelist of tags.

<%=raw sanitize @page.description, tags: %w(h2 p strong em a), attributes: %w(id class href) %>

The above example will allow all h2, p, strong, em and a tags, and only the id, class and href attributes on them. Everything else will be removed.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download

Sign up

Sign up with GitHub
Latest added
FNISaa2 Papyrus
GenerateFNISUsers
FNIScommon1
FNISaa1
woocommmercerestapi.php
fsagsas
test for the future
android by welookups
laravelrecaptcha
Updraft Log
Lenny
Brooklyn-stuff
aasdasda
Model and View in Laravel
tutorial.py
Main thing
Object
alarm.sh
promises vs async
PropagateMaskBoundary