eden li
10/9/2006 5:36:00 AM
Glad I could help. One security-related caveat.
The method I posted doesn't strip attributes, so it may be possible for
someone to "hack" your site by putting JavaScript onto one of the
allowed tags.
You can fix that by changing the last line of the first branch of the
if statement from "text" to "sanitize(text)", e.g.:

    if html.index("<")
      ...
      sanitize(text)
    else
      ...
Wild Al wrote:
> I found this method very useful; it is exactly what I needed. Thanks.
> To all others: your suggestions helped too, especially in understanding
> ruby. Thanks again...
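
The attribute problem described in the message above, shown as an added example that is not part of the original post or of the method it refers to: a tag allowlist is only safe if each allowed tag is rebuilt from its name alone. The function name `strip_to_bare_tags`, the allowlist and the sample input are assumptions made for this illustration, and the input is assumed to be raw text that has not been HTML-escaped already.

```ruby
require "cgi"

# Hypothetical allowlist for this example; not taken from the thread.
ALLOWED_TAGS = %w[b i em strong p br].freeze

# One token is a complete tag, a run of text, or a stray "<".
TOKEN = /<[^<>]*>|[^<]+|</
# A tag token: optional "/", a name, then anything (the attributes) up to ">".
TAG = /\A<\s*(\/?)\s*([a-zA-Z][a-zA-Z0-9]*)(?:[\s\/][^<>]*)?>\z/

# Returns HTML made only of escaped text and bare allowlisted tags.
# Assumes the input is raw (not already entity-escaped) text.
def strip_to_bare_tags(html)
  html.scan(TOKEN).map do |token|
    m = TAG.match(token)
    if m.nil?
      CGI.escapeHTML(token)          # plain text or malformed markup: displayed, never interpreted
    elsif ALLOWED_TAGS.include?(m[2].downcase)
      "<#{m[1]}#{m[2].downcase}>"    # rebuild the tag from its name alone, dropping attributes
    else
      ""                             # tag not on the allowlist: drop it (its inner text remains as text)
    end
  end.join
end

# Constructed sample input: an allowed tag carrying an event-handler attribute.
SAMPLE = %q{<b onmouseover="alert(1)">hi</b><script>x()</script> 1 < 2}

puts strip_to_bare_tags(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Because the output is assembled only from escaped text and tags of the form `<name>` or `</name>`, an attribute value that contains `>` cannot smuggle markup through; the leftover fragment is escaped as text.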