Instead of using white_list_helper in every view just use it as model before_filter! This way you don’t have to escape/whitelist user-input data in every place they appear, just filter it on save.
class News < ActiveRecord::Base white_list # Filter all string or text fields with standard filter set end class News < ActiveRecord::Base white_list :only => [ :description ] # Filter description field with standard filter set end
:only => [] # Filter only included fields :except => [] # Filter all string or text fields except included :attributes => [] # Add specified attributes to allowed list :bad_tags => # Add specified tags to completely trim :protocols => [] # Add specified protocols to allowed list :tags => [] # Add specified tags to allowed list :profile => :default # Load specified profile. If no profile given then :default will be used. Avalible profiles :empty, :mini, :base, :web and :default
Profile will be used as template, and other options will be merged, so if you want options to be fully customized, use empty profile.
Copyright © 2008 Bernard Potocki, released under the MIT license