mirror of
https://github.com/rails/rails.git
synced 2022-11-09 12:12:34 -05:00
Added not to sanitize helper docs that it doesn't guarantee well-formed markup.
Signed-off-by: Michael Koziarski <michael@koziarski.com> [#166 state:resolved]
This commit is contained in:
parent
236f0bb67a
commit
9a137506a1
1 changed files with 5 additions and 0 deletions
|
@ -48,6 +48,11 @@ module ActionView
|
|||
# config.action_view.sanitized_allowed_attributes = 'id', 'class', 'style'
|
||||
# end
|
||||
#
|
||||
# Please note that sanitizing user-provided text does not guarantee that the
|
||||
# resulting markup is valid (conforming to a document type) or even well-formed.
|
||||
# The output may still contain e.g. unescaped '<', '>', '&' characters and
|
||||
# confuse browsers.
|
||||
#
|
||||
def sanitize(html, options = {})
|
||||
self.class.white_list_sanitizer.sanitize(html, options)
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue