Answers:
中有一种strip_tags方法ActionView::Helpers::SanitizeHelper:
http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html#method-i-strip_tags
编辑:为了使文本进入value属性,您可以使用带有Xpath表达式的Nokogiri之类的东西从字符串中获取该文本。
如果我们想在模型中使用它
ActionView::Base.full_sanitizer.sanitize(html_string)这是“ strip_tags”方法中的代码
require 'html/sanitizer'实例化自己的消毒剂HTML::FullSanitizer.new。
require 'html/sanitizer'引发错误,所以我必须使用:Rails::Html::FullSanitizer.new(edgeapi.rubyonrails.org/classes/HTML/…)
ActionView::Base.full_sanitizer.sanitize(html_string)标签和属性的白名单可以指定为以下
ActionView::Base.full_sanitizer.sanitize(html_string, :tags => %w(img br p), :attributes => %w(src style))以上声明允许标签img,br和p以及属性src和style。
我使用了丝瓜络库,因为它适合HTML和XML(文档和字符串片段)。它是html消毒剂gem背后的引擎。我只是粘贴代码示例以说明它的使用非常简单。
unsafe_html = "ohai! <div>div is safe</div> <script>but script is not</script>"
doc = Loofah.fragment(unsafe_html).scrub!(:strip)
doc.to_s # => "ohai! <div>div is safe</div> "
doc.text # => "ohai! div is safe "这个怎么样?
white_list_sanitizer = Rails::Html::WhiteListSanitizer.new
WHITELIST = ['p','b','h1','h2','h3','h4','h5','h6','li','ul','ol','small','i','u']
[Your, Models, Here].each do |klass|
klass.all.each do |ob|
klass.attribute_names.each do |attrs|
if ob.send(attrs).is_a? String
ob.send("#{attrs}=", white_list_sanitizer.sanitize(ob.send(attrs), tags: WHITELIST, attributes: %w(id style)).gsub(/<p>\s*<\/p>\r\n/im, ''))
ob.save
end
end
end
endRails::Html::FullSanitizer.new,如果你不希望指定白名单。
text.strip有效