XSS - HTML Filtering
Use the Rails `sanitize()` helper
Learn Ruby on Rails - Ruby on Rails tutorial - Html Filtering - Ruby on Rails examples - Ruby On Rails programs
Only effective with Rails 2.0:
- Filters HTML nodes and attributes
- Removes protocols like “javascript:”
- Handles Unicode/ASCII/hex hacks
`sanitize(html, options = {})`
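As an added illustration that is not the Rails `sanitize()` implementation, a minimal safelist filter in plain Ruby showing the three checks the bullets above describe: tags, attributes, and the href protocol after decoding entities and stripping the control characters used to disguise `javascript:`. The tag, attribute and protocol lists are assumptions for the example; a real application calls `sanitize` rather than a hand-rolled filter.

```ruby
# Added illustration (not the Rails/rails-html-sanitizer implementation) of the
# three checks a safelist sanitizer makes: tags, attributes, and URL protocols.
SAFE_TAGS      = %w[a b i em strong p br].freeze    # assumed list; everything else is stripped
SAFE_ATTRS     = %w[href title].freeze             # assumed list; kept on safelisted tags only
SAFE_PROTOCOLS = %w[http https mailto ftp].freeze  # assumed list; allowed schemes in href

# Decode numeric (&#106; / &#x6A;) and a few named entities so that an
# entity-encoded "javascript:" cannot slip past the protocol check.
def decode_entities(value)
  named = { 'amp' => '&', 'lt' => '<', 'gt' => '>', 'quot' => '"',
            'tab' => "\t", 'newline' => "\n", 'colon' => ':' }
  value.gsub(/&(#x[0-9a-f]+|#\d+|[a-z]+);?/i) do |match|
    ref = $1
    if ref.start_with?('#')
      cp = ref =~ /\A#x/i ? ref[2..-1].to_i(16) : ref[1..-1].to_i
      cp <= 0x10FFFF ? [cp].pack('U') : match   # out-of-range reference left alone
    else
      named.fetch(ref.downcase, match)          # unknown entity left alone
    end
  end
end

# The scheme as a browser reads it: entities decoded, then the whitespace and
# control characters browsers ignore inside a scheme removed ("java\tscript:").
def url_protocol(value)
  decoded = decode_entities(value.to_s).gsub(/[\u0000-\u0020\u007f]/, '')
  return nil unless decoded.include?(':')           # relative URL: no scheme
  scheme = decoded.split(':', 2).first.downcase
  scheme =~ %r{[/#?]} ? nil : scheme   # a ':' after '/', '#' or '?' is in the path
end
def safe_url?(value)
  proto = url_protocol(value)
  proto.nil? || SAFE_PROTOCOLS.include?(proto)
end

# Safelist filter: unlisted tags are removed (their text is kept), unlisted
# attributes are dropped, and an href with an unlisted protocol is dropped.
def sanitize_fragment(html)
  html.gsub(%r{<(/?)([a-z0-9]+)([^>]*)>}i) do
    closing, tag, attrs = $1, $2.downcase, $3
    next '' unless SAFE_TAGS.include?(tag)
    next "<#{closing}#{tag}>" unless closing.empty?
    kept = attrs.scan(/([a-z-]+)\s*=\s*"([^"]*)"/i).select do |name, value|
      SAFE_ATTRS.include?(name.downcase) && (name.casecmp?('href') ? safe_url?(value) : true)
    end
    "<#{tag}#{kept.map { |n, v| %( #{n.downcase}="#{v}") }.join}>"
  end
end
```

With constructed input, `sanitize_fragment('<a href="&#106;avascript:alert(1)">x</a>')` and the tab-disguised variant both come back as `<a>x</a>`, while an `https` link keeps its href and loses any `onclick`.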
- Utilize Tidy if you want to be more cautious