How do I textile and sanitize html?

Question

Now i ran into some stupid situation. I want the users to be able to use textile, but they shouldn\'t mess around with my valid HTML around their entry. So I have to escape

Answer 1

For those who run into the same problem: If you are using the RedCloth gem you can just define your own method (in one of your helpers).

def safe_textilize( s )
  if s && s.respond_to?(:to_s)
    doc = RedCloth.new( s.to_s )
    doc.filter_html = true
    doc.to_html
  end
end

Excerpt from the Documentation:

Accessors for setting security restrictions.

This is a nice thing if you‘re using RedCloth for formatting in public places (e.g. Wikis) where you don‘t want users to abuse HTML for bad things.

If filter_html is set, HTML which wasn‘t created by the Textile processor will be escaped. Alternatively, if sanitize_html is set, HTML can pass through the Textile processor but unauthorized tags and attributes will be removed.