问题
I'm trying to sanitize an html string, but I want to whitelist image urls. My code:
ActionView::Base.full_sanitizer.sanitize(phrase.meaning, tags: %w(img), attributes: %w(src))
This doesn't work, because it deletes all html tags and the value of src.
My expected result in a json file:
meaning: "Lorem ipsum.... http://localhost/image1.jpg .... Lorem ipsum"
回答1:
Perhaps it is easier to use the PermitScrubber from the same gem directly:
html = 'Foo <img src="foo" title="bar"> <a href="foo">bar</a> blob'
scrubber = Rails::Html::PermitScrubber.new
scrubber.tags = ['img']
html_fragment = Loofah.fragment(html)
html_fragment.scrub!(scrubber)
html_fragment.to_s
#=> "Foo <img src=\"foo\" title=\"bar\"> bar blob"
来源:https://stackoverflow.com/questions/35772712/how-to-sanitize-html-string-except-image-url