Rails sanitize tag and background-image

Question

I want use html & css in form.text_area :text

 <%= sanitize @post.text , tags: %w(table tr td div p span img), attributes: %w(id class style src) %>

But css attr "style" don't work with background-image.

<div style="color:red; background-image: url('http://tra-ta-ta.com/1.jpg')">
text 
</div>

Image don't work. How I can use background-image?

Problem in sanitize.rb

def sanitize_css(style) # disallow urls style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/, ' ')

Answer 1

I just use raw without sanitize

Answer 2

URL strings "url(...)" in style attribute are force replaced with " " by HTML::WhiteListSanitizer, the default sanitizer. You can implement your own sanitizer, and let Rails use it by editing config/application.rb.

config.action_view.white_list_sanitizer = MySpecialSanitizer.new

Check following files from ActionPack for more info:

• actionpack-x.x.x/lib/action_view/helpers/sanitize_helper.rb
• actionpack-x.x.x/lib/action_controller/vendor/html-scanner/html/sanitizer.rb