You shouldn't use the raw text_area_tag method. You should use the simple_form API methods. Here is an example (in Slim, but you should get the idea):
    = simple_form_for(comment) do |f|
      = f.input :content, input_html: { class: 'redactor', rows: '4' }
      = f.button :submit
Next, Redactor does not clean the user's input. You should do it manually.
Controller code (create action in particular) example:
    class CommentsController < ApplicationController
      # allowlists used to sanitize the user's input
      REDACTOR_TAGS = %w(code span div label a br p b i del strike u img video audio
                         iframe object embed param blockquote mark cite small ul ol li
                         hr dl dt dd sup sub big pre figure figcaption strong em
                         table tr td th tbody thead tfoot h1 h2 h3 h4 h5 h6)
      REDACTOR_ATTRIBUTES = %w(href)

      # ...

      def create
        # sanitize before the record is built, so only cleaned HTML is stored
        params[:comment][:content] = sanitize_redactor(params[:comment][:content])
        comment = Comment.new(params[:comment]) # new, not create: save is called just below
        if comment.save
          # ...
        end
      end

      # ...

      private

      def sanitize_redactor(orig_text)
        stripped = view_context.strip_tags(orig_text)
        if stripped.present? # this prevents empty comments from being created
          view_context.sanitize(orig_text, tags: REDACTOR_TAGS, attributes: REDACTOR_ATTRIBUTES)
        else
          nil
        end
      end
    end