Escape HTML in markdown in HAML
Is it possible, in Rails 3.1, to escape HTML in markdown in HAML to avoid XSS? I mean when you do something like:

```haml
:markdown
  Hello #{@user.name}
```
Thanks.
For now I created this:
```ruby
require "haml"

# A copy of HAML's built-in :markdown filter that HTML-escapes the filter body
# before handing it to the Markdown engine. Including Haml::Filters::Base
# registers this module as the :safemarkdown filter.
module Haml::Filters::SafeMarkdown
  include Haml::Filters::Base

  # Loads the first Markdown library that is available and records its name
  # in @required so render can pick the matching engine class.
  lazy_require "rdiscount", "peg_markdown", "maruku", "bluecloth"

  def render(text)
    engine = case @required
             when "rdiscount"
               ::RDiscount
             when "peg_markdown"
               ::PEGMarkdown
             when "maruku"
               ::Maruku
             when "bluecloth"
               ::BlueCloth
             end
    # By the time render runs, any #{...} interpolation in the filter body has
    # already been substituted into text, so escaping here covers the
    # interpolated values (and, as a side effect, any raw HTML written in the
    # template itself, which will now be shown literally).
    engine.new(Haml::Helpers.html_escape(text)).to_html
  end
end
```
and to make it easy to use it directly:
```ruby
# Convenience wrapper so the filter can be called from Ruby code (e.g. a view
# helper) rather than only from a :safemarkdown block in a template.
# html_safe marks the result as already escaped so Rails does not escape the
# generated HTML a second time.
module SafeMarkdown
  def self.render(text)
    Haml::Filters.defined["safemarkdown"].render(text).html_safe
  end
end
```
It seems to work for now. Does anybody have a comment?
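As an added illustration (not code from the original post or from HAML), the three ways the interpolated value can be handled, side by side. It uses ERB::Util.html_escape from the Ruby standard library and a small stand-in for the Markdown engine so that it runs without any gem; the sample name, the placeholder syntax and the function names are constructed for the demo.

```ruby
require "erb"

# Constructed sample standing in for an attacker-controlled @user.name
# (not from the original post).
EVIL_NAME = "<script>alert(1)</script>"

# Stand-in for RDiscount/BlueCloth/etc.: handles **strong** and *em* and wraps
# the result in a paragraph. Like the real engines in their default mode it
# passes raw HTML through untouched, which is what makes raw interpolation
# exploitable.
def tiny_markdown(src)
  html = src.gsub(/\*\*(.+?)\*\*/, '<strong>\1</strong>')
            .gsub(/\*(.+?)\*/, '<em>\1</em>')
  "<p>#{html}</p>"
end

# Substitute #{name} placeholders in the filter body (templates are written in
# single quotes so Ruby does not interpolate them itself). `escape:` decides
# whether each value is HTML-escaped before it enters the Markdown source.
def interpolate(template, values, escape:)
  template.gsub(/\#\{(\w+)\}/) do
    value = values.fetch(Regexp.last_match(1).to_sym).to_s
    escape ? ERB::Util.html_escape(value) : value
  end
end

# 1. Raw interpolation: the value reaches the Markdown engine as-is.
def render_raw(template, values)
  tiny_markdown(interpolate(template, values, escape: false))
end

# 2. The question's SafeMarkdown filter: interpolate, then escape the whole
#    body. The injected tag is neutralised, but so is every tag the template
#    author wrote deliberately.
def render_escape_all(template, values)
  body = interpolate(template, values, escape: false)
  tiny_markdown(ERB::Util.html_escape(body))
end

# 3. Escape only the untrusted values before they enter the Markdown source,
#    leaving the author's own inline HTML alone.
def render_escape_values(template, values)
  tiny_markdown(interpolate(template, values, escape: true))
end

if __FILE__ == $PROGRAM_NAME
  template = 'Hello **#{name}**, from <b>us</b>'
  values = { name: EVIL_NAME }
  puts render_raw(template, values)           # script tag survives: XSS
  puts render_escape_all(template, values)    # script gone, but so is <b>
  puts render_escape_values(template, values) # script gone, <b> kept
end
```

Escaping the whole filter body, as the filter in the question does, also turns the template author's own `<b>` into literal text; escaping just the interpolated value keeps it. Either way, HTML escaping does not stop the value from being parsed as Markdown: a name like `*x*` still becomes `<em>x</em>`, and with a real engine a value like `[x](javascript:alert(1))` is a Markdown link, so turn on whatever raw-HTML filtering and safe-link options your engine provides, or sanitize the rendered HTML, rather than relying on escaping alone.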