4579f7cd61
Instead, let's use a Loofah scrubber which will create DOM nodes directly. This should be faster and is a tiny bit simpler, as well as removing a potential HTML injection vector. Also, add "noreferrer" to all `mailto:` links (already present on URLs).
6 lines
147 B
Ruby
6 lines
147 B
Ruby
module HtmlHelper
|
|
def format_html(html)
|
|
Loofah::HTML5::DocumentFragment.parse(html).scrub!(AutoLinkScrubber.new).to_html.html_safe
|
|
end
|
|
end
|