Home/ Questions/Q 136757
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T06:59:56+00:00

Now i ran into some stupid situation. I want the users to be able

  • 0

Now i ran into some stupid situation. I want the users to be able to use textile, but they shouldn’t mess around with my valid HTML around their entry. So I have to escape the HTML somehow.

  • html_escape(textilize('</body>Foo')) would break textile while

  • textilize(html_escape('</body>Foo')) would work, but breaks various Textile features like links (written like 'Linkname':http://www.wheretogo.com/), since the quotes would be transformed into &quot; and thus not detected by textile anymore.

  • sanitize doesn’t do a better job.

Any suggestions on that one? I would prefer not to use Tidy for this problem. Thanks in advance.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. For those who run into the same problem: If you are using the RedCloth gem you can just define your own method (in one of your helpers).

     def safe_textilize( s )   if s && s.respond_to?(:to_s)     doc = RedCloth.new( s.to_s )     doc.filter_html = true     doc.to_html   end end

    Excerpt from the Documentation:

    Accessors for setting security restrictions.

    This is a nice thing if you‘re using RedCloth for formatting in public places (e.g. Wikis) where you don‘t want users to abuse HTML for bad things.

    If filter_html is set, HTML which wasn‘t created by the Textile processor will be escaped. Alternatively, if sanitize_html is set, HTML can pass through the Textile processor but unauthorized tags and attributes will be removed.

    • 0