RubyFlow The Ruby and Rails community linklog

Sanitizing HTML input: YouTube iframes, CSS inline styles and customization

Sometimes we give users tremendous power over the content generated on the web platforms that we write: the power to add content using HTML/WYSIWYG editors. There is only one gotcha: we need to make sure that this power is not abused by malicious users. After all, you are a responsible developer, right?


Find out how to sanitize the input but keep it relaxed enough.
