Allowing every format is way more than what we initially intended. I've only added h2 and h3 because h1 is set somewhere else in the page (like the title), and h4, h5 and h6 are usually not necessary.
10 lines
262 B
Ruby
```ruby
class WYSIWYGSanitizer
  # Allowlist of tags the rich-text editor may emit. Only h2 and h3 are
  # permitted as headings: h1 is reserved for the page title, and h4 to h6
  # are not needed for this content.
  ALLOWED_TAGS = %w(p ul ol li strong em u s img a h2 h3)

  # Allowlist of attributes kept on the permitted tags; everything else
  # (event handlers such as onclick, id, class, ...) is dropped.
  ALLOWED_ATTRIBUTES = %w(href style src alt)

  # Runs the Rails safe-list sanitizer with the allowlists above and returns
  # the cleaned HTML.
  def sanitize(html)
    ActionController::Base.helpers.sanitize(html, tags: ALLOWED_TAGS, attributes: ALLOWED_ATTRIBUTES)
  end
end
```