rails/rails-html-sanitizer

allow script tag

mm580486 opened this issue · 3 comments

Hi, in your DC I can't find anything about a javascript tag or anything like that. I used grape and your gem, but the script tag is removed after rendering:
```ruby
# FullSanitizer strips every tag; the tags: option is only honoured by SafeListSanitizer
full_sanitizer.sanitize(ERB.new(raw).result(binding), tags: %w( form comment blockquote ))
```

Hi, by default script tags are removed by this gem because the goal is to sanitize untrusted HTML.

You can override the set of disallowed tags if you wish, but allowing script tags to remain in untrusted HTML is not safe, you shouldn't do it, and this gem may not solve the problem you think you're solving.

If you want to ask some more specific questions I'd be happy to try to answer, but in the meantime I'm going to close this issue.
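Added example, not the gem's own code, illustrating the policy described above with a deliberately tiny safe-list filter: elements not on the list are stripped but their text is kept, `script` (and `style`) are dropped together with their contents, and a `tags:` option lets the caller extend the safe list. The `scrub` function, the `DEFAULT_SAFE_TAGS` list and the `UNTRUSTED` sample are all constructed for this illustration; the real gem does this with a full HTML parser (Loofah/Nokogiri) and also filters attributes, which this toy sidesteps by emitting bare tags. The last call shows what happens when `script` is added to the safe list: it survives verbatim, which is why allowing it turns sanitization into a no-op.

```ruby
require "strscan"

# Constructed safe list for this illustration (the gem ships its own, larger one).
DEFAULT_SAFE_TAGS = %w[p b i em strong a ul ol li blockquote].freeze
# Elements whose *text content* is dangerous: drop the whole element, not just its tags.
CONTENT_DROPPED = %w[script style].freeze

TAG = %r{<(/?)([A-Za-z][A-Za-z0-9]*)[^>]*>}

# Safe-list scrub: keeps only elements named in +tags+ (attributes stripped),
# keeps the text of other elements, and drops script/style with their bodies.
def scrub(html, tags: DEFAULT_SAFE_TAGS)
  allowed = tags.map(&:downcase)
  s = StringScanner.new(html)
  out = +""
  dropping = nil # name of the content-dropped element we are currently inside
  until s.eos?
    if s.scan(TAG)
      closing = s[1] == "/"
      name = s[2].downcase
      if dropping
        dropping = nil if closing && name == dropping
      elsif allowed.include?(name)
        # Allowed element: re-emit a bare tag (the gem would filter attributes here)
        out << (closing ? "</#{name}>" : "<#{name}>")
      elsif CONTENT_DROPPED.include?(name) && !closing
        dropping = name
      end
      # any other tag is silently removed; its inner text still flows through
    else
      text = s.scan(/[^<]+/) || s.getch
      # a lone "<" that does not start a tag is escaped rather than passed through
      out << (text == "<" ? "&lt;" : text) unless dropping
    end
  end
  out
end

# Constructed untrusted input, the kind of fragment the gem is meant to clean.
UNTRUSTED = '<p>Hello <b>there</b><script>doSomething()</script>' \
            '<form action="/x"><input name="q"></form></p>'

if __FILE__ == $PROGRAM_NAME
  puts scrub(UNTRUSTED)                            # <p>Hello <b>there</b></p>
  puts scrub(UNTRUSTED, tags: %w[form blockquote]) # Hello there<form></form>
  puts scrub(UNTRUSTED, tags: %w[p b script])      # script kept verbatim: sanitization is defeated
end
```

The ordering of the branches is the whole point: an element on the safe list wins before the content-dropped check, so putting `script` in `tags:` is an explicit decision to pass executable content through, exactly what the reply above warns against.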

I used this repo for development: https://github.com/openware/peatio, and this repo uses your gem for rendering.

If you want to ask some more specific questions I'd be happy to try to answer.