禁用XSS和HTML清理用Rails 3 [英] Disable XSS and HTML Sanitization in Rails 3
问题描述
我有一个问题,当我有我的富文本编辑器中的内容保存到使用ActiveRecord的HTML内容被剥离的HTML内容数据库(我认为它激发html_safe就可以了)。我试图重写的内容串html_safe方法,但没有任何工程。
I'm having an issue where when I have the contents of my rich text editor saved into the database using activerecord the html content is stripped of the html contents (I think it fires html_safe on it). I tried overriding the html_safe method on the content string, but nothing works.
content = "<p>hello</p>"
@article.content = content
puts @article.content # "<p>hello</p>"
@article.save
puts @article.content # "<>hello</>"
你怎么能覆盖HTML剥ActiveRecord的能力为特定的列?
How can you override the html stripping capabilities in activerecord for a particular column?
推荐答案
原来的问题这个问题是什么待办事项使用Rails或XSS剥离。在code,我已经被修改字符串,然后将结果保存在其他地方这是导致原始输入被改变。我用的问题解决了 string.dup
复制了原始的字符串,这样我并没有受到影响。
Turns out the issue to this problem was nothing todo with Rails or the XSS stripping. The code that I had was modifying a string and then saving the results elsewhere which was causing the original input to be changed. I solved the problem by using string.dup
to copy over the original string so that I wasn't affected.
这篇关于禁用XSS和HTML清理用Rails 3的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!