I know how to sanitize user input client side but I would also do it on the server side. I know that the proper place to do it is using changeset but up to now I cannot find an example of how to do it properly for <script></script> tags and other potential harmful content like SQL injection.
Because I want to allow users to change HTML content and save that HTML in the database I cannot use standard validation and I display raw HTML in the templates.
Can someone give me an example?
The phoenix_html library sanitizes user input by default:
<%= "<script>alert(\"hi\")</script>" %>
Will display as:
&lt;script&gt;alert(&quot;hi&quot;)&lt;/script&gt;
This has to be overridden with raw/1:
<%= raw "<script>alert(\"hi\")</script>" %>
Will display as:
<script>alert("hi")</script>
If you would like to do this yourself (outside of an EEx template for example), you can use html_escape/1.
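An added example (not code from the answer above) of using html_escape/1 outside a template and applying it server-side in an Ecto changeset; it assumes phoenix_html and ecto are dependencies, and the Comment schema with its :body field is hypothetical.

```elixir
# Added example, not from the answer or the phoenix_html project.
# Assumes phoenix_html and ecto are in deps; the schema struct passed to
# changeset/2 and its :body field are hypothetical.
defmodule SafeBody do
  import Ecto.Changeset
  import Phoenix.HTML, only: [html_escape: 1, safe_to_string: 1]

  # html_escape/1 returns a {:safe, iodata} tuple; safe_to_string/1 turns
  # it into the escaped text, with <, >, &, " and ' replaced by entities.
  def escape(text) when is_binary(text) do
    text |> html_escape() |> safe_to_string()
  end

  # Escape the :body field in the changeset, so the value stored in the
  # database is already inert even if a template later renders it with raw/1.
  def changeset(comment, attrs) do
    comment
    |> cast(attrs, [:body])
    |> validate_required([:body])
    |> update_change(:body, &escape/1)
  end
end
```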