如何在保存记录之前清理数据(删除 html 标签)? [英] How to sanitize data (remove html tags) before saving a record?

问题描述

我想知道 Rails3 是否有一种简单的方法可以在将输入数据保存到数据库之前从输入数据中删除 html 标签.

I was wondering if Rails3 had an easy way to remove html tags from the input data before saving it in the database.

现在，HAML 在视图级别对数据进行了清理.JS 不会被执行等等，但我想完全删除可能有害的数据.

Right now the data is sanitized on the view level by HAML. JS doesn't get executed and stuff, but I'd like to completely remove potentially harmful data.

基本上，我的问题是:有没有我可以在 before_save 过滤器中使用的助手来安全地去除标签?

Basically, my question is: is there a helper I could use in a before_save filter to safely strip the tags out?

推荐答案

我正在使用 sanitize对于这个基于 nokogiri 的工作.使用起来更简单，因为您不必访问模型中的视图助手.

I'm using sanitize for this jobs which is based on nokogiri. Is simpler to use, because you don't have to access view helpers in your model.

这篇关于如何在保存记录之前清理数据(删除 html 标签)?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！