What is the best solution to sanitize output HTML in Rails (to avoid XSS

Question

0

Asked: May 10, 20262026-05-10T20:35:15+00:00 2026-05-10T20:35:15+00:00

What is the best solution to sanitize output HTML in Rails (to avoid XSS

0

What is the best solution to sanitize output HTML in Rails (to avoid XSS attacks)?

I have two options: white_list plugin or sanitize method from Sanitize Helper http://api.rubyonrails.com/classes/ActionView/Helpers/SanitizeHelper.html . For me until today the white_list plugin worked better and in the past, Sanitize was very buggy, but as part of the Core, probably it will be under development and be supported for a while.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

score 0 · Answer 1 · 2026-05-10T20:35:16+00:00

2026-05-10T20:35:16+00:00Added an answer on May 10, 2026 at 8:35 pm

I think the h helper method will work here:

<%= h @user.profile %>

This will escape angle brackets and therefore neutralize any embedded JavaScript. Of course this will also eliminate any formatting your users might use.

If you want formatting, maybe look at markdown.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

What is the best solution to sanitize output HTML in Rails (to avoid XSS

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply