Comments (4)
Here's the full code path:
<%= @message.content %>
👇
actiontext/lib/action_text/content.rb
Lines 88 to 90 in 1fdf6b6
actiontext/lib/action_text/content.rb
Lines 84 to 86 in 1fdf6b6
actiontext/app/views/action_text/content/_layout.html.erb
Lines 1 to 3 in 1fdf6b6
actiontext/app/helpers/action_text/content_helper.rb
Lines 2 to 7 in 1fdf6b6
from actiontext.
We provide, and by default use, a render_action_text_content helper which performs sanitization.
Hey @Wes-R, rendered content is already sanitized here
I think the answer is that ActionText renders content sanitized as per 598ef2e, but I think all bets are off if you're manually pulling data out of the model and rendering it without using ActionText. It's probably worth doing whatever is best in a Rails sense in terms of sanitizing the input or the output -- I can see arguments either way. But right now it's just the output passed if you're using the helper.
I am in no way on the Rails team and have not at all worked on this component, so take everything I say with a bag of kosher salt.