I have text content prepared using the wysihtml5 gem, which I would like to show in a div. The question is how to "render" this text content so as to be "safe". Should I use
= text.html_safe
or
= simple_format(text)
or
= raw(text)
or...
If you would like to show everything as it was entered in wysihtml5 (but not 100% safe), then use any of these:
= text.html_safe
= raw text
== text
If you would like to make it absolutely safe, then use:
== sanitize text, tags: %w(em strong b i u a ...), attributes: %w(href title ...)
In this way you can control the tags that are allowed and the allowed attributes for tags.
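
As an added example (not part of the original answer), here is a small stdlib-only Ruby check that scans Slim template source for the three unescaped forms listed above (`.html_safe`, `raw`, `==`) and skips output that goes through `sanitize`. It assumes Slim syntax; `scan_slim`, `classify`, and the `post.*` names in the sample are hypothetical.

```ruby
# Added example: flag unescaped-output sinks in Slim template source.
# Assumes Slim syntax, where `=` escapes output and `==` does not.

# Optional tag shortcut (e.g. `div.body`), then the output operator and expression.
OUTPUT_LINE = /\A[\w.#-]*\s*(==?)\s*(.+)\z/

Finding = Struct.new(:line_no, :kind, :source)

# Classify one output expression; returns nil when nothing bypasses escaping.
def classify(operator, expr)
  return nil if expr.match?(/\Asanitize\b/)      # allowlisted form from the answer
  return :html_safe if expr.match?(/\.html_safe\b/)
  return :raw if expr.match?(/\Araw\b/)
  return :double_equals if operator == '=='
  nil
end

# Scan Slim source text and return one Finding per unescaped sink.
def scan_slim(source)
  source.each_line.with_index(1).filter_map do |line, no|
    m = OUTPUT_LINE.match(line.strip)
    next unless m
    kind = classify(m[1], m[2])
    Finding.new(no, kind, line.strip) if kind
  end
end

# Constructed sample template (hypothetical names, not from the original page).
SAMPLE = <<~SLIM
  .post
    h1 = post.title
    .body == post.body
    = post.summary.html_safe
    = raw post.footer
    == sanitize post.body, tags: %w(em strong a), attributes: %w(href title)
    = simple_format(post.excerpt)
SLIM

if $PROGRAM_NAME == __FILE__
  scan_slim(SAMPLE).each { |f| puts "line #{f.line_no}: #{f.kind}  #{f.source}" }
end
```

Each finding is a place where user-supplied HTML reaches the page without escaping or an allowlist, so it is a candidate for the `sanitize` form with explicit `tags:` and `attributes:`.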