views:

170

answers:

2

What's the preferred way to handle rich text user input in rails? Markdown looks useful, but I haven't found an editor that looks simple to setup for it, nor am I sure how to handle sanitizing the html. (the sanitize helper still seems to allow stuff like </div>, which breaks my layout) I'd like to guarantee that the cleaned up code is valid XHTML Strict.

+1  A: 

From this thread it appears the editor in Yahoo's UI library is a good solution. Always try the search feature first! :)

John T
looks useful, but I've still got that sanitization problem on the generated markup, and I'm a bit wary of WYSIWYG editors for stuff like that due to the tendency for them to generate REALLY messy code
Eric
Take a peek at the thread, many more solutions for ya :)
John T
+1  A: 

I chose TinyMCE. It allows me to sanitize the returned HTML code down to tags and attributes. See the documentation for the valid_elements option for details.

But beware: These sanitation feature don't help if someone POSTs rubbish directly (w/o a browser, e.g. using curl). I use Tidy with a little help by TidyFFI to prevent such troubles.

(Sorry, no links because I'm not allowed to post such kind of malware ;-)

Gert Thiel