I want to use the RedCloth gem. I installed it, and in my Gemfile I put -> gem 'RedCloth'. In my show.html.erb I put ->
<%= RedCloth.new(@post.text).to_html %>
and I saw plain HTML syntax, then I used
<%= raw RedCloth.new(@post.text).to_html %>
and it works perfectly, but it's not safe:
@post.text -> entered by some user
and when I put <script> alert('!!!') </script>
I saw "!!!" in an alert.
How do I use RedCloth safely (or recommend another gem)?
The sanitize gem https://github.com/rgrove/sanitize/ is a solid choice for whitelisting only certain HTML elements and blocking others (e.g. )