mbleigh / acts-as-taggable-on

A tagging plugin for Rails applications that allows for custom tagging along dynamic contexts.
http://mbleigh.lighthouseapp.com/projects/10116-acts-as-taggable-on
MIT License
4.95k stars 1.18k forks

Option to prevent users from inserting malicious text in the tag #1125

Open fguillen opened 2 months ago

fguillen commented 2 months ago

This is possible now:

user.update(tag_list: "one, two, <script>alert('hello')</script>")
user.tag_list
# => ["one", "two", "<script>alert('hello')</script>"]

Is there any option in the parser to clean the HTML code in the tags?
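
An added example, not part of the issue and not acts-as-taggable-on code: one way to handle the input shown above in plain Ruby, with an allowlist check when the tag string is received and HTML escaping when tags are rendered. The module name, method names and the allowlist policy are assumptions made for illustration.

```ruby
require "erb"

# Hypothetical helper, not an acts-as-taggable-on API.
module TagHygiene
  # Assumed policy: Unicode letters and digits, spaces and a few
  # separators, 1 to 50 characters. Markup characters such as < > " ' &
  # are outside the allowlist, so tags containing them are rejected.
  ALLOWED = /\A[\p{L}\p{N} _.\-+#]{1,50}\z/

  # Input side: split a comma-separated tag string and separate tags that
  # satisfy the policy from those that do not, so the caller can store the
  # accepted ones and report the rejected ones back to the user.
  def self.partition(raw)
    tags = raw.to_s.split(",").map(&:strip).reject(&:empty?).uniq
    accepted, rejected = tags.partition { |t| ALLOWED.match?(t) }
    { accepted: accepted, rejected: rejected }
  end

  # Output side: escape every tag at the point it is written into HTML.
  # This holds even for rows stored before any input check existed.
  def self.render(tags)
    items = tags.map { |t| "<li>#{ERB::Util.html_escape(t)}</li>" }
    "<ul>#{items.join}</ul>"
  end
end

if __FILE__ == $PROGRAM_NAME
  # The tag string from the issue.
  raw = "one, two, <script>alert('hello')</script>"
  result = TagHygiene.partition(raw)
  puts "accepted: #{result[:accepted].inspect}"
  puts "rejected: #{result[:rejected].inspect}"
  # Rendering the unfiltered list still produces inert text, not markup.
  puts TagHygiene.render(raw.split(",").map(&:strip))
end
```

Escaping at render time is the control that stops the stored value from executing in a browser; the allowlist only keeps such values out of the tag table.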