module ActionView::Helpers::SanitizeHelper

def sanitize(html, options = {})

config.action_view.sanitized_allowed_attributes = ['href', 'title']
config.action_view.sanitized_allowed_tags = ['strong', 'em', 'a']
# In config/application.rb

To set the default allowed tags or attributes across your application:

information about defining custom Loofah::Scrubber objects.
See {Loofah's documentation}[https://github.com/flavorjones/loofah] for more

<%= sanitize @comment.body, scrubber: scrubber %>

end
node.remove if node.name == 'script'
scrubber = Loofah::Scrubber.new do |node|

Providing a custom Loofah::Scrubber:

documentation about Rails::Html scrubbers.
See {Rails HTML Sanitizer}[https://github.com/rails/rails-html-sanitizer] for

<%= sanitize @comment.body, scrubber: CommentScrubber.new %>

end
end
node.text?
def skip_node?(node)

end
self.attributes = %w( style )
self.tags = %w( form script comment blockquote )
super
def initialize
class CommentScrubber < Rails::Html::PermitScrubber

Providing a custom Rails::Html scrubber:

<%= sanitize @comment.body, tags: %w(strong em a), attributes: %w(href) %>

Providing custom lists of permitted tags and attributes:

<%= sanitize @comment.body %>

Normal use:

==== Examples

custom tags and attributes.
defines custom sanitization rules. A custom scrubber takes precedence over
or {Loofah::Scrubber}[https://github.com/flavorjones/loofah] object that
* :scrubber - A {Rails::Html scrubber}[https://github.com/rails/rails-html-sanitizer]
* :attributes - An array of allowed attributes.
* :tags - An array of allowed tags.

==== Options

resulting markup is valid or even well-formed.
Please note that sanitizing user-provided text does not guarantee that the

Custom sanitization rules can also be provided.

Sanitizers}[https://github.com/rails/rails-html-sanitizer] for more information.
The default sanitizer is Rails::Html::SafeListSanitizer. See {Rails HTML

All special characters will be escaped.
ASCII, and hex character references to work around these protocol filters.
javascript:, while also protecting against attempts to use Unicode,
It also strips href/src attributes with unsafe protocols like

Sanitizes HTML input, stripping all but known-safe tags and attributes. 
def sanitize(html, options = {})
  self.class.safe_list_sanitizer.sanitize(html, options)&.html_safe
end

def sanitize_css(style)

Sanitizes a block of CSS code. Used by +sanitize+ when it comes across a style attribute. 
def sanitize_css(style)
  self.class.safe_list_sanitizer.sanitize_css(style)
end

def strip_links(html)

# => <malformed & link
strip_links('<malformed & link')

# => Blog: Visit.
strip_links('Blog: Visit.')

# => Please e-mail me at me@email.com.
strip_links('Please e-mail me at me@email.com.')

# => Ruby on Rails
strip_links('Ruby on Rails')

Strips all link tags from +html+ leaving just the link text. 
def strip_links(html)
  self.class.link_sanitizer.sanitize(html)
end

def strip_tags(html)

# => > A quote from Smith & Wesson
strip_tags("> A quote from Smith & Wesson")

# => Welcome to my website!
strip_tags("
Welcome to my website!
")

# => Bold no more! See more here...
strip_tags("Bold no more! See more here...")

# => Strip these tags!
strip_tags("Strip these tags!")

Strips all HTML tags from +html+, including comments and special characters. 
def strip_tags(html)
  self.class.full_sanitizer.sanitize(html)&.html_safe
end