That said, I'm guessing the output is probably being passed through the h function (which HTML-escapes the string passed in). If this is not the problem, please feel free to post the view so I can help troubleshoot it.
1) It's available through an administrative interface where only trusted users can enter content. This gets inserted into the db and views w/out escaping.
2) Public users entering content through tinymce get their content filtered twice. First I use TinyMCE's own configuration to do a coarse first pass filtering and then I use the HTML Sanitize gem to do a strict filtering before the content is inserted into the db. Once in the db it should be "trustworthy" so it can be placed into the view without a call to the h function.
Here are the configurations I use for each:
TinyMCE
[:valid_elements, "a[href|title],blockquote[cite],br,caption,cite,code,dl,dt,dd,em,i,img[src|alt|style|title|width|height|align],li,ol,p,pre,q[cite],small,strike,strong/b,sub,sup,u,ul"]
HTML Sanitizer
    Sanitize.clean(
      html, # the user-submitted markup to filter (variable name is a placeholder)
      # URL schemes allowed per element/attribute; :relative permits scheme-less URLs
      :protocols => {
        "a" => { "href" => ["ftp", "http", "https", "mailto", :relative] },
        "img" => { "src" => ["http", "https", :relative] },
        "blockquote" => { "cite" => ["http", "https", :relative] },
        "q" => { "cite" => ["http", "https", :relative] },
      },
      # attributes kept on each element; anything else is stripped
      :attributes => {
        "a" => ["href", "title"],
        "img" => ["src", "style", "alt", "title", "width", "height", "align"],
        "blockquote" => ["cite"],
        "q" => ["cite"],
      },
      # elements kept; anything else is stripped
      :elements => %w(
        a b blockquote br caption cite code dl dt dd em i img
        li ol p pre q small strike strong sub sup u ul
      )
    )
TinyMCE isn't capable enough to safely do all the filtering, so I use both.
- Trevor Rowe
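
An added example, not part of the post above and not the Sanitize gem's own code: a simplified, stdlib-only model of how a :protocols allowlist like the one in that configuration decides whether a URL attribute value is kept. The helper names (url_allowed?, check_samples) and the sample values are assumptions constructed for illustration.

```ruby
# Added illustration: a simplified model of a :protocols allowlist check.
# This is not the Sanitize gem's code; url_allowed? is a hypothetical helper.

# Same allowlist as the :protocols section of the configuration in the post.
PROTOCOLS = {
  "a"          => { "href" => ["ftp", "http", "https", "mailto", :relative] },
  "img"        => { "src"  => ["http", "https", :relative] },
  "blockquote" => { "cite" => ["http", "https", :relative] },
  "q"          => { "cite" => ["http", "https", :relative] }
}.freeze

# Assumes `value` is the attribute value after HTML entity decoding,
# as an HTML parser would hand it over.
def url_allowed?(element, attribute, value)
  allowed = PROTOCOLS.dig(element, attribute)
  return true if allowed.nil? # no protocol restriction on this attribute

  # Drop whitespace and control characters before looking for a scheme, so
  # " JaVa\tScript:" is compared as "javascript" (a conservative choice).
  cleaned = value.to_s.gsub(/[\x00-\x20]+/, "")

  # A scheme is whatever precedes the first ":" when no "/", "?" or "#"
  # comes before it; otherwise the value is treated as a relative URL.
  match = cleaned.match(/\A([^\/?#:]*):/)
  return allowed.include?(:relative) if match.nil?

  allowed.include?(match[1].downcase)
end

# Constructed sample values, not taken from the thread.
SAMPLES = [
  ["a",   "href", "https://example.com/"],
  ["a",   "href", "/docs/page"],
  ["a",   "href", "mailto:user@example.com"],
  ["img", "src",  "mailto:user@example.com"],
  ["a",   "href", " JaVa\tScript:void(0)"],
  ["img", "src",  "data:image/png;base64,AAAA"],
  ["q",   "cite", "page.html?ref=a:b"]
].freeze

def check_samples
  SAMPLES.map { |el, attr, val| [el, attr, val, url_allowed?(el, attr, val)] }
end

if __FILE__ == $PROGRAM_NAME
  check_samples.each { |el, attr, val, ok| puts format("%-4s %-5s %-32p %s", el, attr, val, ok ? "keep" : "drop") }
end
```

The same value can be kept on one element and dropped on another (mailto: on a[href] versus img[src]), which is why the allowlist is keyed per element and attribute.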