sanitize

sanitize(html, options = {}) Instance Public methods This sanitize helper will html encode all tags and strip all attributes that aren't specifically allowed. It also strips href/src tags with invalid protocols, like javascript: especially. It does its best to counter any tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out the extensive test suite. <%= sanitize @article.body %> You can add or remove tags/attri

sanitize_css

sanitize_css(style) Instance Public methods Sanitizes a block of CSS code. Used by sanitize when it comes across a style attribute.

strip_links

strip_links(html) Instance Public methods Strips all link tags from text leaving just the link text. strip_links('<a href="http://www.rubyonrails.org">Ruby on Rails</a>') # => Ruby on Rails strip_links('Please e-mail me at <a href="mailto:me@email.com">me@email.com</a>.') # => Please e-mail me at me@email.com. strip_links('Blog: <a href="http://www.myblog.com/" class="nav" target="_blank">Visit</a>.') # => Blog: Visit.

strip_tags

strip_tags(html) Instance Public methods Strips all HTML tags from the html, including comments. This uses the html-scanner tokenizer and so its HTML parsing ability is limited by that of html-scanner. strip_tags("Strip <i>these</i> tags!") # => Strip these tags! strip_tags("<b>Bold</b> no more! <a href='more.html'>See more here</a>...") # => Bold no more! See more here... strip_tags("<div id='top-bar'>Welcome to my website!</d

cdata_section

cdata_section(content) Instance Public methods Returns a CDATA section with the given content. CDATA sections are used to escape blocks of text containing characters which would otherwise be recognized as markup. CDATA sections begin with the string <![CDATA[ and end with (and may not contain) the string ]]>. cdata_section("<hello world>") # => <![CDATA[<hello world>]]> cdata_section(File.read("hello_world.txt")) # => <![CDATA[<hello from a text

content_tag

content_tag(name, content_or_options_with_block = nil, options = nil, escape = true, &block) Instance Public methods Returns an HTML block tag of type name surrounding the content. Add HTML attributes by passing an attributes hash to options. Instead of passing the content as an argument, you can also use a block in which case, you pass your options as the second parameter. Set escape to false to disable attribute value escaping. Options The options hash is used with attributes

escape_once

escape_once(html) Instance Public methods Returns an escaped version of html without affecting existing escaped entities. escape_once("1 < 2 &amp; 3") # => "1 &lt; 2 &amp; 3" escape_once("&lt;&lt; Accept & Checkout") # => "&lt;&lt; Accept &amp; Checkout"

tag

tag(name, options = nil, open = false, escape = true) Instance Public methods Returns an empty HTML tag of type name which by default is XHTML compliant. Set open to true to create an open tag compatible with HTML 4.0 and below. Add HTML attributes by passing an attributes hash to options. Set escape to false to disable attribute value escaping. Options You can use symbols or strings for the attribute names. Use true with boolean attributes that can render with no value, like disab

concat

concat(string) Instance Public methods The preferred method of outputting text in your views is to use the <%= "text" %> eRuby syntax. The regular puts and print methods do not operate as expected in an eRuby code block. If you absolutely must output text within a non-output code block (i.e., <% %>), you can use the concat method. <% concat "hello" # is the equivalent of <%= "hello" %> if logged_in concat "Logged in!" else concat li

current_cycle

current_cycle(name = "default") Instance Public methods Returns the current cycle string after a cycle has been started. Useful for complex table highlighting or any other design need which requires the current cycle string in more than one place. # Alternate background colors @items = [1,2,3,4] <% @items.each do |item| %> <div style="background-color:<%= cycle("red","white","blue") %>"> <span style="background-color:<%= current_cycle %>"><%=