
Learning Rails: Live Edition by Edd Dumbill, Simon St. Laurent


SanitizeHelper

The SanitizeHelper methods support a variety of approaches to escaping HTML and CSS. They complement the h method (short for html_escape, part of the ERB::Util module) by providing other approaches to escaping markup or letting it pass:

sanitize

The sanitize method provides a customizable approach to removing attributes and markup that you don’t want to pass through. The customization can be specified through the :tags and :attributes parameters, or set by default through initializer code.

sanitize_css

The sanitize_css method removes features from CSS that the creators of sanitize felt were too dangerous. This is used by sanitize on style attributes.

strip_links

The strip_links method leaves markup other than links intact, but removes all links from the argument.

strip_tags

The strip_tags method removes all HTML markup from the argument. (The documentation warns that it may not always find all HTML markup, however.)
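The caveat on strip_tags is why stripped text should still go through h when it is rendered. The following added example (not from the book or from Rails) uses only Ruby's standard library: naive_strip_tags is a hypothetical, simplified stand-in for tag stripping, not the Rails implementation, and the sample strings are constructed. It goes slightly beyond the text by also showing that stripping can delete legitimate text that escaping preserves.

```ruby
require "erb"

# Hypothetical stand-in for tag stripping (NOT the Rails strip_tags code):
# delete anything shaped like <...>.
def naive_strip_tags(html)
  html.gsub(/<[^>]*>/, "")
end

# Strip first, then escape with h (ERB::Util.html_escape) at output time, so
# anything the stripper missed is rendered as text instead of markup.
def strip_then_escape(html)
  ERB::Util.html_escape(naive_strip_tags(html))
end

# Constructed sample inputs.
SAMPLES = {
  well_formed: "<p>Hello <b>world</b></p>",
  # No closing ">": the stripper finds nothing to remove, yet a browser
  # would still treat the "<b ..." as the start of a tag.
  unclosed:    "Hello <b class=\"x\" world",
  # Plain text that merely contains "<" and ">": stripping eats real content.
  comparison:  "if a < b then c > d"
}

# For each sample, compare escaping alone, stripping alone, and both.
def report
  SAMPLES.transform_values do |input|
    { escaped:               ERB::Util.html_escape(input),
      stripped:              naive_strip_tags(input),
      stripped_then_escaped: strip_then_escape(input) }
  end
end

if __FILE__ == $PROGRAM_NAME
  report.each do |name, row|
    puts name
    row.each { |label, value| puts "  #{label}: #{value}" }
  end
end
```

In a Rails view the same pattern is h(strip_tags(value)) or simply h(value) when no markup needs to survive.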
