Is it possible, in Rails 3.1, to escape HTML inside a HAML :markdown filter to avoid XSS? I mean when you do something like this:

    :markdown
      Hello #{@user.name}

Thanks.
Now I have created this:

    # Variant of Haml's built-in Markdown filter: the filter body (including
    # any interpolated values) is HTML-escaped before it reaches the engine.
    module Haml::Filters::SafeMarkdown
      include Haml::Filters::Base
      lazy_require "rdiscount", "peg_markdown", "maruku", "bluecloth"

      def render(text)
        # @required is set by Haml::Filters::Base to whichever library loaded
        engine = case @required
                 when "rdiscount"
                   ::RDiscount
                 when "peg_markdown"
                   ::PEGMarkdown
                 when "maruku"
                   ::Maruku
                 when "bluecloth"
                   ::BlueCloth
                 end
        engine.new(Haml::Helpers.html_escape(text)).to_html
      end
    end
And to make it easy to use directly:

    module SafeMarkdown
      def self.render(text)
        # Haml registers the filter under its lowercased module name
        Haml::Filters.defined["safemarkdown"].render(text).html_safe
      end
    end

It seems to work now. Does anyone have any comments?
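An added example in plain Ruby, not part of the question: it uses a constructed toy markdown renderer in place of RDiscount and CGI.escapeHTML in place of Haml::Helpers.html_escape, to check that escaping the whole filter body neutralises an injected tag and to show the trade-off that escaping the `>` also disables blockquote syntax, which escaping only the interpolated values avoids.

```ruby
require "cgi"

# Stand-in for RDiscount/Maruku etc. (constructed for this example): it only
# knows "> " blockquotes and wraps every other line in <p>. Like the real
# engines it passes raw HTML through untouched, which is where XSS comes from.
def toy_markdown(text)
  text.lines.map(&:chomp).map do |line|
    if line.start_with?("> ")
      "<blockquote>#{line[2..-1]}</blockquote>"
    else
      "<p>#{line}</p>"
    end
  end.join("\n")
end

# The question's approach: escape the whole filter body (markdown syntax and
# interpolated values alike), then render. CGI.escapeHTML stands in for
# Haml::Helpers.html_escape.
def render_escape_all(text)
  toy_markdown(CGI.escapeHTML(text))
end

# Alternative: escape only the interpolated values and leave the author's
# markdown syntax alone. %{name} placeholders are an assumption of this
# example; they are not HAML's #{} interpolation.
def render_escape_values(template, values)
  escaped = values.each_with_object({}) { |(k, v), h| h[k] = CGI.escapeHTML(v.to_s) }
  toy_markdown(format(template, escaped))
end

# Constructed untrusted input, as if it came from @user.name.
EVIL_NAME = "<script>alert(1)</script>".freeze

if __FILE__ == $0
  puts render_escape_all("> Hello #{EVIL_NAME}")          # paragraph, tag neutralised, blockquote lost
  puts render_escape_values("> Hello %{name}", name: EVIL_NAME)  # blockquote kept, tag neutralised
end
```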