What's the preferred way to handle rich text user input in Rails? Markdown looks useful, but I haven't found an editor that looks simple to set up for it, nor am I sure how to handle sanitizing the HTML. (The sanitize helper still seems to allow stuff like </div>, which breaks my layout.) I'd like to guarantee that the cleaned up code is valid XHTML Strict.
views: 170
answers: 2
+1
A:
From this thread it appears the editor in Yahoo's UI library is a good solution. Always try the search feature first! :)
John T
2009-05-24 22:18:24
Looks useful, but I've still got that sanitization problem on the generated markup, and I'm a bit wary of WYSIWYG editors for stuff like that due to the tendency for them to generate REALLY messy code.
Eric
2009-05-24 22:23:10
Take a peek at the thread, many more solutions for ya :)
John T
2009-05-24 22:24:40
+1
A:
I chose TinyMCE. It allows me to sanitize the returned HTML code down to tags and attributes. See the documentation for the valid_elements option for details.
But beware: These sanitization features don't help if someone POSTs rubbish directly (w/o a browser, e.g. using curl). I use Tidy with a little help from TidyFFI to prevent such troubles.
(Sorry, no links because I'm not allowed to post such kind of malware ;-)
Gert Thiel
2009-05-25 19:26:08
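The server-side pass that the answer above calls for, sketched as an added example (not code from either answer, and not Tidy, TidyFFI or the Rails sanitize helper): it rebuilds the submitted fragment from escaped text plus tags it writes itself, so a direct POST cannot bypass it, and it drops stray closers and closes tags left open. The allowlist, the http/https-only href rule, and the names clean_html and esc are assumptions made for the illustration.

```ruby
# Added illustration; the allowlist and sample inputs are constructed.
ALLOWED = { "p" => [], "em" => [], "strong" => [], "ul" => [], "li" => [],
            "a" => ["href"] }.freeze
ENTITY  = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
            '"' => "&quot;", "'" => "&#39;" }.freeze
TAG     = %r{\A<(/?)([a-zA-Z][a-zA-Z0-9]*)((?:[\s/][^<>]*)?)>\z}

# Escape markup characters, leaving already well-formed entities alone.
def esc(text)
  text.gsub(/&(?![a-zA-Z][a-zA-Z0-9]*;|#\d+;)|[<>"']/, ENTITY)
end

# Rebuild the fragment from escaped text plus tags this code writes itself,
# so nothing from the request reaches the output as raw markup.
def clean_html(input)
  out = +""
  open_tags = []
  input.split(/(<[^<>]*>)/).each do |piece|
    m = TAG.match(piece)
    name = m && m[2].downcase
    if m.nil?
      out << esc(piece)                      # text, comments, malformed tags
    elsif !ALLOWED.key?(name)
      next                                   # tag outside the allowlist (div, script, ...)
    elsif m[1] == "/"
      next unless open_tags.include?(name)   # stray closer with no opener
      loop do                                # close inner tags left open
        closed = open_tags.pop
        out << "</#{closed}>"
        break if closed == name
      end
    else
      # Only href survives, and only when it literally starts with http(s)://
      href = m[3][/\bhref\s*=\s*(["'])(.*?)\1/i, 2] if ALLOWED[name].include?("href")
      href = nil unless href&.match?(%r{\Ahttps?://}i)
      out << (href ? %(<#{name} href="#{esc(href)}">) : "<#{name}>")
      open_tags << name
    end
  end
  open_tags.reverse_each { |t| out << "</#{t}>" }  # close whatever is still open
  out
end

puts clean_html(%q{Hi</div> <a href="javascript:x" onclick="y()">link <em>text})
```

The output is well nested but not checked against the XHTML Strict content model (an li outside a ul still passes), so a validator or Tidy pass is still needed for that guarantee.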