That doesn't work since textilize parses it into HTML and then h will, of course, take those away. Anyways I found a solution to my problem. It seems that you shouldn't use textilize but just use `RedCloth.new(message, [:filter_html])`.
On Jan 11, 8:59 pm, Ryan Bigg <[email protected]> wrote:
> h(textilize(@mymessage))
> -----
> Ryan Bigg
> Freelancer
> http://frozenplague.net
>
> On 12/01/2009, at 2:50 PM, Mike C wrote:
>
> > I installed Redcloth into my app so that it could use Textile.
> > However, it seems that textilize (the function used to parse the
> > Textile stuff) and h aren't compatible. If I do <%= textilize h
> > @mymessage %> it doesn't work. If I take out the h it works but then I
> > leave myself open to XSS. Is there a way to get around this?
> > Essentially I was trying to allow users to do basic HTML functions and
> > weed out javascript.
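The three orderings discussed in this thread (escape the rendered HTML, escape the input before rendering, or have the markup engine neutralise raw HTML in the input), shown side by side. This is an added example and not code from the thread or from RedCloth: `toy_textile` is a constructed two-rule stand-in for a Textile renderer (only `*bold*` and `"text":url` links), `INPUT` is a constructed sample, and the `filter_html:` option only approximates what RedCloth's `:filter_html` does to raw tags.

```ruby
require "erb"

# Constructed stand-in for a tiny Textile subset. It is NOT RedCloth; it
# exists only to make the ordering problem from the thread observable.
#   *text*        -> <strong>text</strong>
#   "text":url    -> <a href="url">text</a>
def toy_textile(text, filter_html: false)
  # filter_html: neutralise raw HTML in the *input* before markup is
  # applied, roughly what RedCloth's :filter_html option is for.
  src = filter_html ? text.gsub("<", "&lt;").gsub(">", "&gt;") : text
  src.gsub(/"([^"]+)":(\S+)/, '<a href="\2">\1</a>')
     .gsub(/\*([^*]+)\*/, '<strong>\1</strong>')
end

# Rails' h() is ERB::Util.html_escape under the hood.
def h(s)
  ERB::Util.html_escape(s)
end

# Constructed sample: legitimate markup plus a raw <script> tag.
INPUT = '*hi* "site":http://example.com <script>alert(1)</script>'

# 1. h(textilize(...)): safe, but the generated <strong>/<a> tags are
#    escaped too, so the user sees literal tags instead of formatting.
def render_then_escape(text)
  h(toy_textile(text))
end

# 2. textilize(h(...)): the <script> is neutralised, but h() turned the
#    quotes of the link syntax into &quot;, so the link rule never matches.
def escape_then_render(text)
  toy_textile(h(text))
end

# 3. filter_html: raw tags in the input are escaped, markup still works.
def filter_then_render(text)
  toy_textile(text, filter_html: true)
end

if $PROGRAM_NAME == __FILE__
  puts "render_then_escape: #{render_then_escape(INPUT)}"
  puts "escape_then_render: #{escape_then_render(INPUT)}"
  puts "filter_then_render: #{filter_then_render(INPUT)}"
end
```

Only the third ordering keeps both properties: the `<script>` tag reaches the page as `&lt;script&gt;` and the link and bold markup still render. Note that the toy link rule accepts any URL verbatim; filtering raw tags says nothing about the `href` values the markup itself generates, so a URL scheme check on generated links is a separate concern from the one this thread solves.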

