I want to allow the users of a web app that I'm building to write their own CSS in order to customize their profile page.
However I am aware of this opening up for
Rails has a built-in CSS sanitizer.
See http://apidock.com/rails/ActionView/Helpers/SanitizeHelper/sanitize_css and its parent http://apidock.com/rails/ActionView/Helpers/SanitizeHelper/sanitize
> ActionController::Base.helpers.sanitize_css('background:#fff')
=> "background: #fff;"
> ActionController::Base.helpers.sanitize_css('javascript:alert("garr");')
=> ""
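
The allowlist idea behind this kind of sanitizer, as an added stand-alone Ruby example (not Rails' implementation and not code from the original answer): a declaration is kept only when both its property and its value pass a strict check. `filter_declarations`, `ALLOWED_PROPERTIES` and `SAFE_VALUE` are hypothetical names, and the property list is an assumption chosen for a profile page.

```ruby
# Added illustration: strict allowlist filter for user-supplied CSS declarations.
# The names and the property list are assumptions made for this example.
ALLOWED_PROPERTIES = %w[
  color background background-color font-size font-weight
  text-align margin padding border
].freeze

# Values may contain only hex colours, keywords, numbers and units.
# Parentheses, quotes, backslashes, colons and slashes are not accepted,
# so function values, escape sequences and comments cannot pass.
SAFE_VALUE = /\A[A-Za-z0-9#%.,\- ]{1,100}\z/

# Returns the declarations that passed and the ones that were dropped,
# so dropped input can be logged or shown back to the user.
def filter_declarations(css)
  kept = []
  rejected = []
  css.to_s.split(';').each do |decl|
    decl = decl.strip
    next if decl.empty?
    prop, value = decl.split(':', 2)
    prop = prop.to_s.strip.downcase
    value = value.to_s.strip
    if ALLOWED_PROPERTIES.include?(prop) && value.match?(SAFE_VALUE)
      kept << "#{prop}: #{value};"
    else
      rejected << decl
    end
  end
  { css: kept.join(' '), rejected: rejected }
end

# Constructed sample input: the two strings from the console session above,
# plus one mixed stylesheet fragment.
if __FILE__ == $PROGRAM_NAME
  [
    'background:#fff',
    'javascript:alert("garr");',
    'color: red; position: fixed; background: url(http://example.test/x)'
  ].each { |input| p filter_declarations(input) }
end
```

Anything outside the allowlist is dropped rather than repaired, which keeps the filter easy to audit; widen the property list only as the profile page needs it.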