tags:

views:

49

answers:

1
Q: 

How to safely sanitize input from TinyMCE in ruby?

Hi,

I just added TinyMCE to a small CMS I built in Rails. I've been using Redcloth before to style user generated articles.

Since I started using TinyMCE, I would like to also allow users to embed video (from youtube for ex) into their blog posts.

I'm using the follow helper in the views:

sanitize(text,
        :tags => %w(a object p param h1 h2 h3 h4 h5 h6 br hr ul li img),
        :attributes => %w(href name src type value width height data) )

Is this safe? Or should I not allow those tags? If so, which tags can I allow? How can I test to make sure?

This is still in staging.

Thanks

Deb

A: 

You are allowed to use all tags you want using the valid_elements configuration option, check out the default setting you can expand. You may also have a look at the custom_elements option.

Thariama  2010-09-23 11:30:53

related questions

Using Youtube's javascript API with jQuery
How to get the public channel URL from YouTubeVideoFeed object using the YouTube API?
What is powering YouTube?
file upload issue
How to change the video playing in Youtube embedded player ?
Youtube content identification technology?
Where can I find open source Youtube-like software?
Actionscripts regarding playing youtube movies in a flash player on a form
PHP Extract audio from video
Android YouTube app Play Video Intent
Is it possible to get all comments of a Youtube video?
Embed YouTube videos while staying XHTML 1.0 Strict?
How can I play a youtube video in swfloader?
How to embed YouTube videos in PHP ?
Hosting user videos
Can we download the video from youtube?
loadVideoById() in YouTube's regular player (not chromeless)
FF3/Windows CSS z-index problem with YouTube player
Determining video codec via YouTube data API?
Detecting if youtube is blocked by company / ISP
How to combine a photo and sound file to an video file which is acceptiable on youtube?
HTML Snapshot
YouTube embeds not working in WordPress after import from Blogger
Anybody got an Actionscript 3 Youtube API / wrapper?
Annotating YouTube videos programatically