在Rails中清理CSS [英] Sanitizing CSS in Rails

问题描述

我想允许我正在建立的网络应用程序的用户编写自己的CSS以自定义他们的个人资料页面。

I want to allow the users of a web app that I'm building to write their own CSS in order to customize their profile page.

但我知道这种开放的许多安全风险，即背景：url（'javascript：alert（获得您的cookies！+ document.cookies'）。

However I am aware of this opening up for many security risks, i e background: url('javascript:alert("Got your cookies! " + document.cookies').

寻找一个解决方案来清理CSS，同时仍然允许尽可能多的CSS功能为我的用户。

Hence I am looking for a solution to sanitize the CSS while still allowing as much CSS functionality as possible for my users.

所以我的问题，如果有人知道一个gem或一个插件

So my questions if anyone anyone knows of a gem or a plugin to handles this? I've googled my brains out already so any tips would be really appreciated!

推荐答案

Rails有一个内置的css sanitizer

Rails has a built-in css sanitizer

请参阅 http： //apidock.com/rails/ActionView/Helpers/SanitizeHelper/sanitize_css 及其父级 http://apidock.com/rails/ActionView/Helpers/SanitizeHelper/sanitize

> ActionController::Base.helpers.sanitize_css('background:#fff')
=> "background: #fff;" 
> ActionController::Base.helpers.sanitize_css('javascript:alert("garr");')
=> "" 

这篇关于在Rails中清理CSS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！