0

我安装了带有 Coderay 的 RedCloth,以突出显示我在博客中粘贴的代码。

如果我粘贴一些这样的代码:

 CodeRay.scan(
"set_meta_tags :og => {
        :title => @blog.title,
        :type => 'article',
        :url => current_url,
        :image => @blog.blog_images.first.image.url,
        :article => {:published_time => @blog.created_at.to_time.iso8601,
                     :modified_time => @blog.updated_at.to_time.iso8601,
                     :author => 'Name',
                     :section => @blog.categories.first.name,
                     :tags => @blog.categories.map(&:name).join(', ')
        }}",
:ruby).div(:css => :class)

我懂了

set_meta_tags :og => {

        :title => blog</span>.title,
        <span class="symbol">:type</span> =&gt; <span class="string"><span class="delimiter">'</span><span class="content">article</span><span class="delimiter">'</span></span>,
        <span class="symbol">:url</span> =&gt; current_url,
        <span class="symbol">:image</span> =&gt; <span class="instance-variable">blog.blog_images.first.image.url,

        :article => {:published_time => blog</span>.created_at.to_time.iso8601,
                     <span class="symbol">:modified_time</span> =&gt; <span class="instance-variable">blog.updated_at.to_time.iso8601,

                     :author => ‘Name’,

                     :section => blog</span>.categories.first.name,
                     <span class="symbol">:tags</span> =&gt; <span class="instance-variable">blog.categories.map(&:name).join(‘, ’)

        }}

我怎样才能摆脱它?

非常感谢

4

1 回答 1

0

您可以在将标记sanitize输出到视图中之前传递标记。这将保留无害的 html 标签,但会去除潜在的有害内容,例如<script>

<%= sanitize CodeRay.scan(..., :ruby).div(:css => :class) %>

如果您可以 100% 信任标记(我认为在这种情况下可以),您可以使用raw绕过转义或html_safe将字符串标记为安全。这将导致输出所有标签。

<%= raw CodeRay.scan(..., :ruby).div(:css => :class) %>

或者

<%= CodeRay.scan(..., :ruby).div(:css => :class).html_safe %>

另请参阅http://guides.rubyonrails.org/active_support_core_extensions.html#output-safety

于 2014-09-26T10:05:31.747 回答