pass iframe through sanitize

[Grigory Antonov]

Hello,

I want to let users place in textfield an iframe tag from google maps.

Sanitize cuts everything. I want to  add some kind of rule to sanitize, so it cuts js, but pass through an iframe from google maps and yandex maps

Tried to place in  config config.action_view.sanitized_allowed_tags = %w('iframe') . It didn't help.

sample 

<iframe width="650" height="300" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" src="http://maps.google.ru/maps/ms?hl=ru&amp;gl=ru&amp;ptab=2&amp;ie=UTF8&amp;oe=UTF8&amp;msa=0&amp;msid=217915074489641580339.0004929006f65793c1d47&amp;t=h&amp;source=embed&amp;ll=55.823209,37.8167&amp;spn=0.023998,0.037119&amp;output=embed"></iframe>

[Shlomi Zadok]

In config/initializers/sanitizer.rb

add:

HTML::WhiteListSanitizer.allowed_tags << 'iframe'

On Mar 24, 9:56 am, Grigory Antonov <antono...@gmail.com> wrote:
> Hello,
> I want to let users place in textfield an iframe tag from google maps.
> Sanitize cuts everything. I want to  add some kind of rule to sanitize, so
> it cuts js, but pass through an iframe from google maps and yandex maps
> Tried to place in  config config.action_view.sanitized_allowed_tags =
> %w('iframe') . It didn't help.
> sample
> <iframe width="650" height="300" frameborder="0" scrolling="no"
> marginheight="0" marginwidth="0"

> src="http://maps.google.ru/maps/ms?hl=ru&gl=ru&ptab=2&ie=UTF8&..."></iframe>