Hi! You can simply use the sanitize(…) helper in your views to whitelist allowed tags and attributes… but what do you do if you need to sanitize the content of a style attribute? I found a solution to sanitize inline CSS with Rails. This may not be the best solution available, but I didn’t find another solution (like an argument for the sanitize helper).
Put this code in your config/environment.rb:
```ruby
# ALLOWED CSS PROPERTIES - only these exact property names are kept
HTML::WhiteListSanitizer.allowed_css_properties = Set.new(%w(text-align font-weight text-decoration font-style))

# SHORTHAND CSS PROPERTIES - acts like property_name-*, for example `text` allows text-align, text-deco...
HTML::WhiteListSanitizer.shorthand_css_properties = Set.new(%w())
```
Remember to restart your application: environment.rb must be reloaded, even in development mode.
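To see what a property allowlist like the one above does to a style attribute, here is a simplified stand-alone Ruby sketch (an added example, not Rails' own implementation and not code from the original post). The names `sanitize_inline_css`, `ALLOWED_CSS_PROPERTIES`, `SHORTHAND_CSS_PROPERTIES` and the `SAFE_VALUE` pattern are assumptions made for this illustration.

```ruby
require 'set'

# Same property list as the configuration above (constant names are hypothetical).
ALLOWED_CSS_PROPERTIES   = Set.new(%w(text-align font-weight text-decoration font-style))
SHORTHAND_CSS_PROPERTIES = Set.new(%w())

# Values accepted for prefix-matched properties: colours, lengths, plain keywords
# (assumption for this sketch).
SAFE_VALUE = /\A(#[0-9a-f]{3,6}|\d+(\.\d+)?(em|px|pt|%)?|[a-z-]+)\z/i

def sanitize_inline_css(style, allowed: ALLOWED_CSS_PROPERTIES,
                        shorthand: SHORTHAND_CSS_PROPERTIES)
  # Drop url(...) references before looking at anything else.
  style = style.to_s.gsub(/url\s*\(\s*[^\s)]+?\s*\)\s*/i, ' ')
  # Reject the whole attribute unless it is a plain "prop: value;" list.
  return '' unless style =~ /\A(\s*[-\w]+\s*:\s*[^:;]*(;|\z)\s*)*\z/

  clean = []
  style.scan(/([-\w]+)\s*:\s*([^:;]*)/) do |prop, val|
    name = prop.downcase
    val  = val.strip
    if allowed.include?(name)
      # Exact match on the allowlist: declaration is kept.
      clean << "#{name}: #{val};"
    elsif shorthand.include?(name.split('-').first)
      # Prefix match: keep only if every token of the value looks harmless.
      clean << "#{name}: #{val};" if val.split.all? { |kw| kw =~ SAFE_VALUE }
    end
    # Anything else is dropped without comment.
  end
  clean.join(' ')
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  puts sanitize_inline_css('text-align: center; position: fixed; font-weight: bold')
  puts sanitize_inline_css('background: url(http://example.invalid/x.png); font-style: italic')
end
```

With the empty shorthand set from the configuration, only the four listed properties survive; passing a non-empty `shorthand:` set shows how a prefix such as `text` widens what is accepted.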
Have a nice day!