On Tue, Aug 17, 2010 at 11:18, Kaspir Ghost <[email protected]> wrote:
> I couldn't put links in my > posts. I mean I can write links yes, but what I want to do is this: > > [code] > blah blah blah <a href="http://www.site.com";>site</a> blah blah blah > [/code] Looks to me like you're running afoul of HTML sanitization. This is in fact for your (or rather, your users') protection, against cross-site-scripting attacks. If you REALLY want to do that sort of thing, you can explicitly mark the string as being already HTML-safe. I'll leave it to you to find out how to do that, as this is a serious vulnerability, not to be left unprotected-against lightly. Alternately, there are probably some plugins/gems/whatever that will let your users insert a *limited subset* of tags, including links... though of course the targets may contain cross-site-scripting attacks.... -Dave -- Specialization is for insects. -RAH | Have Pun, Will Babble! -me Programming Blog: http://codosaur.us | Work: http://davearonson.com Leadership Blog: http://dare2xl.com | Play: http://davearonson.net * * * * * WATCH THIS SPACE * * * * * | Ruby: http://mars.groupsite.com -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
