
🧹 Sanitizing ActionText with Custom AllowLists

Customize ActionText::ContentHelper sanitization rules to allow only specific tags and attributes, reducing XSS risk.

```ruby
# config/initializers/action_text.rb
# Widens the allowlist of Rails::Html::SafeListSanitizer app-wide (every sanitize
# call built on it, not only Action Text); it does not restrict where an iframe may point.
Rails::Html::SafeListSanitizer.allowed_tags += ['iframe']
Rails::Html::SafeListSanitizer.allowed_attributes += ['allowfullscreen']
```
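The following is an added teaching example, not code from this page or from rails-html-sanitizer, showing what an allowlist sanitizer does before and after `iframe`/`allowfullscreen` are added, and why widening the tag list is only half the job. It is a small REXML-based model with its own assumptions: `BASE_TAGS` and `BASE_ATTRIBUTES` are a constructed subset rather than the real Rails defaults, `SAMPLE` is a constructed input, and the trusted-host check for `iframe src` is an extra policy that the one-line initializer above does not impose. Tags outside the allowlist are unwrapped with their text kept, which is also how the Rails safe-list sanitizer treats `<script>`.

```ruby
require "rexml/document"
require "uri"

# Model of allowlist-based HTML sanitization (added example; not the
# rails-html-sanitizer code Action Text really uses). Rules:
#  * tags not on the allowlist are unwrapped: the tag goes, its text stays (escaped)
#  * attributes not on the allowlist are dropped
#  * href/src must be relative or http(s), so javascript: URLs are removed
#  * an allowed iframe must also point at an explicitly trusted https host
class AllowListSanitizer
  URL_ATTRIBUTES = %w[href src].freeze
  URL_SCHEMES = %w[http https].freeze

  def initialize(allowed_tags:, allowed_attributes:, iframe_hosts: [])
    @allowed_tags = allowed_tags
    @allowed_attributes = allowed_attributes
    @iframe_hosts = iframe_hosts
  end

  # Input must be a well-formed XHTML fragment: REXML is an XML parser with no
  # HTML5 error recovery, which is one reason real sanitizers use an HTML parser.
  def sanitize(fragment)
    doc = REXML::Document.new("<root>#{fragment}</root>")
    doc.root.children.map { |node| render(node) }.join
  end

  private

  def render(node)
    case node
    when REXML::Text then node.to_s          # to_s yields the escaped form
    when REXML::Element then render_element(node)
    else ""                                   # comments, PIs: dropped
    end
  end

  def render_element(el)
    inner = el.children.map { |child| render(child) }.join
    return inner unless @allowed_tags.include?(el.name)          # unwrap
    return "" if el.name == "iframe" && !trusted_iframe?(el)     # drop whole frame

    attrs = []
    el.attributes.each_attribute do |attr|
      next unless @allowed_attributes.include?(attr.name)
      next if URL_ATTRIBUTES.include?(attr.name) && !safe_url?(attr.value)
      # respect_whitespace=true so the value is only escaped, never squeezed
      attrs << %(#{attr.name}="#{REXML::Text.new(attr.value, true)}")
    end
    "<#{[el.name, *attrs].join(' ')}>#{inner}</#{el.name}>"
  end

  def safe_url?(value)
    uri = URI.parse(value)
    uri.scheme.nil? || URL_SCHEMES.include?(uri.scheme.downcase)
  rescue URI::InvalidURIError
    false
  end

  def trusted_iframe?(el)
    src = el.attributes["src"]
    return false if src.nil?
    uri = URI.parse(src)
    uri.scheme == "https" && @iframe_hosts.include?(uri.host)
  rescue URI::InvalidURIError
    false
  end
end

# Constructed subset of an allowlist; not the real Rails default lists.
BASE_TAGS = %w[p a strong em ul ol li].freeze
BASE_ATTRIBUTES = %w[href src alt title].freeze

# Constructed sample input covering the cases the rules above handle.
SAMPLE = '<p onclick="steal()">Hello <strong>world</strong></p>' \
         '<script>alert(1)</script>' \
         '<iframe src="https://www.youtube.com/embed/abc" allowfullscreen="true"></iframe>' \
         '<iframe src="https://evil.example/phish"></iframe>' \
         '<a href="javascript:alert(2)">x</a>'

# Before the initializer: iframe is not allowed, so both frames vanish.
def default_result
  AllowListSanitizer.new(allowed_tags: BASE_TAGS,
                         allowed_attributes: BASE_ATTRIBUTES).sanitize(SAMPLE)
end

# After widening the lists, plus a trusted-host policy for iframe src.
def widened_result
  AllowListSanitizer.new(allowed_tags: BASE_TAGS + %w[iframe],
                         allowed_attributes: BASE_ATTRIBUTES + %w[allowfullscreen],
                         iframe_hosts: %w[www.youtube.com]).sanitize(SAMPLE)
end

if __FILE__ == $PROGRAM_NAME
  puts "before: #{default_result}"
  puts "after:  #{widened_result}"
end
```

In both runs `onclick` and the `javascript:` href are gone and `<script>` is reduced to its escaped text; only the widened run keeps the YouTube frame, and the untrusted frame is dropped because of the host policy. In a Rails app that host policy does not come from `allowed_tags`; it belongs in a custom scrubber (for example a `Rails::Html::PermitScrubber` subclass) applied alongside the allowlist.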