I want my application to sanitize html on input rather than on display, so that the fields saved into the database are sanitized.
I've been doing this with strip_tags
, and it was working great. However, this has the downside that it means the user can't input anything that's bracketed with <
and >
.
How can I tell Rails in the model to securely escape tags before saving them to the database? I'd like to not have to call h
on the sanitized fields again before using them in the views.