Menu
I have a simple blog application on rails 4.1.4 that allows users to create posts. Whenever a user adds a link in their post, the target="_blank" tag is removed by rails. For example:
User inputs:
<a href="www.google.com" target="_blank">Google</a>
When viewing source of the created post:
<a href="www.google.com">Google</a>
is shown.
Am I missing something obvious here? Why is the target attribute being removed by rails?
889
Rails sanitizes output by default, and the target attribute is one of the attributes that gets stripped out by default. You can white list the target attribute with something like:
<%= sanitize html.body, attributes: %w(href target) %>
More info here: http://api.rubyonrails.org/classes/ActionView/Helpers/SanitizeHelper.html
130
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
