diff options
Diffstat (limited to 'actionpack/lib/action_view/helpers/sanitize_helper.rb')
| -rw-r--r-- | actionpack/lib/action_view/helpers/sanitize_helper.rb | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/actionpack/lib/action_view/helpers/sanitize_helper.rb b/actionpack/lib/action_view/helpers/sanitize_helper.rb index 47fbe3a27a..3129ff414e 100644 --- a/actionpack/lib/action_view/helpers/sanitize_helper.rb +++ b/actionpack/lib/action_view/helpers/sanitize_helper.rb @@ -10,7 +10,7 @@ module ActionView base.extend(ClassMethods) end - # This #sanitize helper will html encode all tags and strip all attributes that aren't specifically allowed. + # This +sanitize+ helper will html encode all tags and strip all attributes that aren't specifically allowed. # It also strips href/src tags with invalid protocols, like javascript: especially. It does its best to counter any # tricks that hackers may use, like throwing in unicode/ascii/hex values to get past the javascript: filters. Check out # the extensive test suite. @@ -18,7 +18,7 @@ module ActionView # <%= sanitize @article.body %> # # You can add or remove tags/attributes if you want to customize it a bit. See ActionView::Base for full docs on the - # available options. You can add tags/attributes for single uses of #sanitize by passing either the :attributes or :tags options: + # available options. You can add tags/attributes for single uses of +sanitize+ by passing either the <tt>:attributes</tt> or <tt>:tags</tt> options: # # Normal Use # |