I just use raw without sanitize
Rails sanitize tag and background-image
-
05-12-2021 - |
Frage
I want use html & css in form.text_area :text
<%= sanitize @post.text , tags: %w(table tr td div p span img), attributes: %w(id class style src) %>
But css attr "style" don't work with background-image.
<div style="color:red; background-image: url('http://tra-ta-ta.com/1.jpg')">
text
</div>
Image don't work. How I can use background-image?
Problem in sanitize.rb
def sanitize_css(style) # disallow urls style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')
Lösung 2
Andere Tipps
URL strings "url(...)" in style attribute are force replaced with " " by HTML::WhiteListSanitizer
, the default sanitizer. You can implement your own sanitizer, and let Rails use it by editing config/application.rb.
config.action_view.white_list_sanitizer = MySpecialSanitizer.new
Check following files from ActionPack for more info:
actionpack-x.x.x/lib/action_view/helpers/sanitize_helper.rb
actionpack-x.x.x/lib/action_controller/vendor/html-scanner/html/sanitizer.rb
Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow