Ruby on Rails: How best to escape a string in a model?

Posted by williamjones on Stack Overflow
Published on 2010-05-21T03:45:02Z Indexed on 2010/05/21 3:50 UTC

I want my application to sanitize HTML on input rather than on display, so that the fields saved into the database are sanitized.

I've been doing this with strip_tags, and it was working great. However, this has the downside that it means the user can't input anything that's bracketed with < and >.

How can I tell Rails in the model to securely escape tags before saving them to the database? I'd like to not have to call h on the sanitized fields again before using them in the views.
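
The trade-off described in the question, as an added example that is not part of the original post: stripping tags loses any text between < and >, while escaping at save time keeps it, provided the escape runs only once per assignment. `Comment`, `strip_like` and `escape_on_save` are hypothetical names, the model is plain Ruby rather than ActiveRecord, and `ERB::Util.html_escape` is the method the `h` view helper aliases.

```ruby
require "erb"

# Rough stand-in for tag stripping (constructed; NOT Rails' strip_tags).
def strip_like(text)
  text.gsub(/<[^>]*>/, "")
end

# Hypothetical plain-Ruby model; save plays the role of a before_save hook.
class Comment
  attr_reader :body # escaped form, i.e. what would be written to the database

  def body=(raw)
    @raw_body = raw.to_s
    @pending = true
  end

  def save
    # Escape once per assignment. Escaping the stored value again on a
    # later save would turn "&lt;" into "&amp;lt;".
    if @pending
      @body = ERB::Util.html_escape(@raw_body)
      @pending = false
    end
    self
  end
end

# Assign raw input, save it several times, return the stored value.
def escape_on_save(raw, saves: 2)
  c = Comment.new
  c.body = raw
  saves.times { c.save }
  c.body
end

SAMPLE = "if a < b and b > c, use <b>bold</b>" # constructed input

puts strip_like(SAMPLE)      # text between < and > is lost
puts escape_on_save(SAMPLE)  # brackets survive as entities
```

A value stored this way is safe only as HTML text content: the view must output it without calling `h` again, and any non-HTML consumer of the column (JSON, CSV, plain-text mail) will see the entities.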
