h(textilize(@mymessage))

-----
Ryan Bigg
Freelancer
http://frozenplague.net

On 12/01/2009, at 2:50 PM, Mike C wrote:

> I installed Redcloth into my app so that it could use Textile.
> However, it seems that textilize (the function used to parse the
> Textile stuff) and h aren't compatible. If I do <%= textilize h
> @mymessage %> it doesn't work. If I take out the h it works but then I
> leave myself open to XSS. Is there a way to get around this?
> Essentially I was trying to allow users to do basic HTML functions and
> weed out javascript.
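
Added example, not part of the original thread: the three ways of combining an HTML escaper with a markup renderer, run on one constructed message so the output of each ordering can be compared. Assumptions: `mini_textilize` is a hypothetical stand-in that handles only `*strong*` and `_em_` (it is not RedCloth), and `h` is implemented with `CGI.escapeHTML` instead of the Rails helper.

```ruby
require "cgi"

# Hypothetical stand-in for a Textile renderer: only *strong* and _em_,
# wrapped in <p>. Like a plain Textile pass, it lets raw HTML through.
def mini_textilize(text)
  html = text.gsub(/\*(.+?)\*/, '<strong>\1</strong>')
             .gsub(/(?<!\w)_(.+?)_(?!\w)/, '<em>\1</em>')
  "<p>#{html}</p>"
end

# Stand-in for the `h` view helper: escapes & < > " and '.
def h(text)
  CGI.escapeHTML(text)
end

# Ordering 1: render only. User-supplied HTML reaches the page unchanged.
def render_only(text)
  mini_textilize(text)
end

# Ordering 2: render, then escape. Nothing executes, but the tags the
# renderer generated are escaped as well, so the reader sees literal markup.
def render_then_escape(text)
  h(mini_textilize(text))
end

# Ordering 3: escape the input, then render. User HTML is neutralised
# before the renderer adds its own fixed set of tags.
def escape_then_render(text)
  mini_textilize(h(text))
end

# Constructed sample message: one formatting mark plus a script tag.
SAMPLE = 'Hi *there* <script>alert(1)</script>'

if __FILE__ == $0
  %i[render_only render_then_escape escape_then_render].each do |name|
    puts "#{name}: #{send(name, SAMPLE)}"
  end
end
```

The third ordering is only safe here because the stand-in emits fixed tags with no attributes; with full Textile, escaping quotes first also changes how constructs such as "text":url links are parsed. RedCloth's `:filter_html` restriction and the Rails `sanitize` helper are the existing tools for that case.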

