SanitizeHelper methods support a variety of approaches to escaping HTML and CSS. They complement the h method (short for html_escape, part of ERB::Util) by providing other approaches to escaping markup or letting it pass:

sanitize
    The sanitize method provides a customizable approach to removing attributes and markup that you don't want to pass through. The customization can be specified through the :attributes parameter, or set by default through initializer code.

sanitize_css
    The sanitize_css method removes features from CSS that the creators of sanitize felt were too dangerous. It is used by sanitize on style attributes.

strip_links
    The strip_links method leaves markup other than links intact, but removes all links from the argument.

strip_tags
    The strip_tags method removes all HTML markup from the argument. (The documentation warns that it may not always find all HTML markup, however.)
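To make the difference between the four approaches concrete, here is an added, self-contained Ruby script that runs escaping, allowlist sanitizing, link stripping and tag stripping over one constructed piece of untrusted markup. It is not Rails' SanitizeHelper (Rails builds sanitize on the rails-html-sanitizer gem and a real HTML parser); the toy_* methods, the sample input and the DANGEROUS_* patterns are constructed for this illustration, and only h, which calls the standard library's ERB::Util.html_escape, is the real thing.

```ruby
require "erb"

# Constructed sample of untrusted markup: an inline event handler, a
# javascript: link, an image with an onerror handler and a style that
# loads a remote URL.
SAMPLE = '<p onclick="x()">Hi <a href="javascript:alert(1)">there</a>' \
         '<img src="a.png" onerror="steal()">' \
         '<span style="color: red; background: url(http://x/y)">!</span></p>'

# Toy tokenizer: matches a single opening or closing tag (not comments or
# CDATA, which is one reason the real strip_tags warns it can miss markup).
TAG_RE  = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/
ATTR_RE = /([a-zA-Z:-]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/
DANGEROUS_CSS = /url\s*\(|expression\s*\(|javascript:|behavior\s*:/i
DANGEROUS_URL = /\A\s*javascript:/i

# h: escape everything so the browser displays the markup instead of
# interpreting it. This is the real ERB::Util method.
def h(text)
  ERB::Util.html_escape(text)
end

# sanitize_css stand-in: drop any declaration that uses a feature able to
# fetch remote content or run script (url(), expression(), behavior:).
def toy_sanitize_css(style)
  style.split(";").map(&:strip)
       .reject { |decl| decl.empty? || decl.match?(DANGEROUS_CSS) }
       .join("; ")
end

# sanitize stand-in: keep only allowlisted tags and attributes. Disallowed
# tags are removed but their text content survives; href values with a
# javascript: scheme are dropped; style values go through toy_sanitize_css.
def toy_sanitize(html, tags:, attributes:)
  html.gsub(TAG_RE) do |tag|
    name      = Regexp.last_match(1).downcase
    raw_attrs = Regexp.last_match(2)
    next "" unless tags.include?(name)
    next "</#{name}>" if tag.start_with?("</")

    kept = raw_attrs.scan(ATTR_RE).map do |key, quoted|
      key = key.downcase
      next unless attributes.include?(key)
      value = quoted.delete("\"'")
      next if key == "href" && value.match?(DANGEROUS_URL)
      value = toy_sanitize_css(value) if key == "style"
      %( #{key}="#{value}")
    end.compact
    "<#{name}#{kept.join}>"
  end
end

# strip_links stand-in: remove <a ...> and </a> only, leaving link text and
# every other tag (including the unsafe ones) untouched.
def toy_strip_links(html)
  html.gsub(/<\/?a\b[^>]*>/i, "")
end

# strip_tags stand-in: remove every tag the tokenizer recognises.
def toy_strip_tags(html)
  html.gsub(TAG_RE, "")
end

if __FILE__ == $PROGRAM_NAME
  puts "h:           #{h(SAMPLE)}"
  puts "sanitize:    #{toy_sanitize(SAMPLE, tags: %w[p a span], attributes: %w[href style])}"
  puts "strip_links: #{toy_strip_links(SAMPLE)}"
  puts "strip_tags:  #{toy_strip_tags(SAMPLE)}"
end
```

The output makes the trade-off visible: h renders the whole thing as harmless text, toy_sanitize yields `<p>Hi <a>there</a><span style="color: red">!</span></p>` (the onclick, onerror, javascript: href and url() declaration are gone while the allowed structure remains), toy_strip_links removes only the anchor and leaves the inline handlers in place, and toy_strip_tags reduces everything to `Hi there!`. In a Rails application the allowlist that toy_sanitize takes as keyword arguments would instead be passed to sanitize as its :tags and :attributes options or set once for the whole application with config.action_view.sanitized_allowed_tags and config.action_view.sanitized_allowed_attributes in an initializer.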