Disable XSS and HTML Sanitization in Rails 3
I'm having an issue where, when I have the contents of my rich text editor saved into the database using ActiveRecord, the HTML content is stripped of its HTML (I think it fires html_safe on it). I tried overriding the html_safe method on the content string, but nothing works.
content = "<p>hello</p>"
@article.content = content
puts @article.content # "<p>hello</p>"
@article.save
puts @article.content # "<>hello</>"
How can you override the html stripping capabilities in activerecord for a particular column?
As frank blizzard already said in his answer, you make yourself vulnerable to XSS attacks.
But if you trust your authors that these columns are safe to display, you can do something like this in your Article model:
class Article < ActiveRecord::Base
  # Override the column reader so views render the stored HTML unescaped.
  # read_attribute is used because `attributes` is keyed by string,
  # so attributes[:content] would return nil.
  def content
    read_attribute(:content).to_s.html_safe
  end
end
You can use the raw(string) method, but it would make you vulnerable to XSS attacks.
Another option would be taking a deeper look into markdown.
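The safer alternative to marking the raw column html_safe is to pass the stored HTML through an allow-list sanitizer on the way out, which is what Rails' sanitize helper does. The following is an added, simplified plain-Ruby illustration written for this page, not code from Rails or from the original post; the Article class is a hypothetical stand-in with no database behind it:

```ruby
require 'cgi'

# Tags a rich text editor may keep; everything else (script, img, a, iframe,
# event-handler attributes, ...) is rendered as literal text. This is a
# simplified allow-list sanitizer written for this answer, not Rails' own
# sanitize helper.
ALLOWED_TAGS = %w[p br b i strong em ul ol li].freeze
TAG_RE = %r{<\s*(/?)\s*([a-zA-Z][a-zA-Z0-9]*)[^>]*>}

# Text between tags: decode entities the editor produced, then re-encode,
# so "&amp;" stays "&amp;" and "&lt;script&gt;" cannot become a live tag.
def escape_text(text)
  CGI.escapeHTML(CGI.unescapeHTML(text))
end

def sanitize_rich_text(html)
  out = String.new
  pos = 0
  html.scan(TAG_RE) do
    m = Regexp.last_match
    out << escape_text(html[pos...m.begin(0)])
    closing, name = m[1], m[2].downcase
    if ALLOWED_TAGS.include?(name)
      out << "<#{closing}#{name}>"   # allowed tag, attributes dropped
    else
      out << CGI.escapeHTML(m[0])     # disallowed tag shown as text
    end
    pos = m.end(0)
  end
  out << escape_text(html[pos..-1])
end

# Stand-in for the ActiveRecord model on the page (hypothetical, no DB):
# the reader sanitizes on the way out instead of calling html_safe on the
# raw column. In Rails the sanitized string is what you would mark html_safe.
class Article
  attr_writer :content
  def content
    sanitize_rich_text(@content.to_s)
  end
end

if __FILE__ == $0
  a = Article.new
  a.content = '<p onclick="x">hello</p><script>alert(1)</script>'
  puts a.content # <p>hello</p>&lt;script&gt;alert(1)&lt;/script&gt;
end
```

In a real Rails 3 app use the built-in sanitize helper (ActionView::Helpers::SanitizeHelper) with an explicit tag and attribute allow-list rather than a regex filter like this one.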
Turns out the issue with this problem was nothing to do with Rails or the XSS stripping. The code that I had was modifying a string and then saving the results elsewhere, which was causing the original input to be changed. I solved the problem by using string.dup to copy the original string so that I wasn't affected.
There should be an option for this.
I encourage you to take a look at the docs of the rich text editor that you are using.