[Rails] Re: pass iframe through sanitize

Ruby on Rails Monday, April 2, 2012

In config/initializers/sanitizer.rb

add:

HTML::WhiteListSanitizer.allowed_tags << 'iframe'

On Mar 24, 9:56 am, Grigory Antonov <antono...@gmail.com> wrote:
> Hello,
> I want to let users place in textfield an iframe tag from google maps.
> Sanitize cuts everything. I want to  add some kind of rule to sanitize, so
> it cuts js, but pass through an iframe from google maps and yandex maps
> Tried to place in  config config.action_view.sanitized_allowed_tags =
> %w('iframe') . It didn't help.
> sample
> <iframe width="650" height="300" frameborder="0" scrolling="no"
> marginheight="0" marginwidth="0"
> src="http://maps.google.ru/maps/ms?hl=ru&gl=ru&ptab=2&ie=UTF8&..."></iframe>

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Posted by Ruby on Rails at 1:48 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)