I am storing user generated html code in the database, but some of the codes are broken (without end tags), so when this code will mess up the whole render of the page.
How could I prevent this sort of behaviour with ruby on rails.
Thanks
A:
My google-fu reveals surprisingly few hits, but here is the top one :)
willcodejavaforfood
2010-10-05 13:53:52
A:
Try using the h() escape function in your erb templates to sanitize. That should do the trick
Jas
2010-10-05 13:54:36
That only escapes HTML, it doesn't fix it. `<b>x` simply becomes `<b>x` not `<b>x</b>`
tadman
2010-10-05 13:55:56
+2
A:
It's not too hard to do this with a proper HTML parser like Nokogiri which can perform clean-up as part of the processing method:
bad_html = '<div><p><strong>bad</p>'
puts Nokogiri.fragment(bad_html).to_s
# <div><p><strong>bad</strong></p></div>
Once parsed properly, you should have fully balanced tags.
tadman
2010-10-05 13:54:42