1
我有一個數據庫充滿了舊博客文章,我試圖遷移到Rails。身體字段由職位,看有沒有類似這樣的格式:在Rails 3中渲染安全的html
Paragraph text paragraph text paragraph text and even more paragraph text. Paragraph text paragraph text paragraph text and even more paragraph text. Paragraph text paragraph text paragraph text and even more paragraph text. Paragraph text paragraph text paragraph text and even more paragraph text.
<iframe src="http://www.youtube.com?v=XXXXXXXX" width="400" height="250"></iframe>
Paragraph text paragraph text paragraph text and even more paragraph text. Paragraph text paragraph text paragraph text and even more paragraph text. Paragraph text paragraph text paragraph text and even more paragraph text. Paragraph text paragraph text paragraph text and even more paragraph text.
<ul>
<li>List item</li>
<li>List item</li>
<li>List item</li>
<li>List item</li>
</ul>
Paragraph text paragraph text paragraph text and even more paragraph text. Paragraph text paragraph text paragraph text and even more paragraph text. Paragraph text paragraph text paragraph text and even more paragraph text. Paragraph text paragraph text paragraph text and even more paragraph text.
所以我想要做的是包裹在<p>段落文本,但先不談其他HTML元素。以下是我已經試過:
simple_format(@ post.body) =這使周圍的一切<p>,又污染我的無序列表,每個列表項之間的休息時間。此外,iframe嵌入不會顯示。
原料(@ post.body)或@ post.body.html_safe =的iframe嵌入和無序列表顯示了巨大的,但一切都運行起來,因爲有新的線路沒有替換。
simple_format(@ post.body,{},{:sanitize => false}) =酷。現在我可以看到所有的html標籤了!在所有
@ post.body.gsub不起作用(/ \ r \ n?/ 「<br/>」).html_safe =同樣的問題與simple_format ......我越來越換行符在我html塊元素標籤。
有關如何完成此任務的任何建議?
注意!在unsanitized,不受信任的字符串*上調用'html_safe' *會讓你開放給XSS攻擊。如果你在某個地方調用'html_safe',你必須絕對確定該字符串不包含不可信用戶輸入。 – Ajedi32