The SanitizeHelper methods support a variety of approaches to escaping HTML and CSS. They complement the h method (short for html_escape, part of the ERB::Util class) by providing other approaches to escaping markup or letting it pass:

sanitize
The sanitize method provides a customizable approach to removing attributes and markup that you don't want to pass through. The customization can be specified through the :tags and :attributes parameters, or set by default through initializer code.

sanitize_css
The sanitize_css method removes features from CSS that the creators of sanitize felt were too dangerous. This is used by sanitize on style attributes.

strip_links
The strip_links method leaves markup other than links intact, but removes all links from the argument.

strip_tags
The strip_tags method removes all HTML markup from the argument. (The documentation warns that it may not always find all HTML markup, however.)