I'm trying to escape user-generated content in Rails. I have used the sanitize and raw helpers to filter content like this:
raw(sanitize(code, :tags => ['<', 'h2','h3','p','br','ul','ol','li','code','pre','a'] ))
The list of tags mentioned are allowed in the content.
The problem is when I try to test it with an SQL query like this:
mysql -u sat -p -h localhost database < data.sql
Inside pre and code blocks, it removes everything after the less-than (<) sign.
Please help me figure out a way to do this.
It seems like the whole issue was with the way data was being stored in the database. Previously, a less-than sign '<' was being saved as-is, but now it is being escaped, so a '<' is saved as &lt;, which seems to have solved the problem.
I realised that by accident while using the tinymce-rails WYSIWYG editor, which was escaping the '<' automatically.
@kieran-johnson's answer might have done the same but tinymce-rails solved it without installing an extra gem.
Thank you to all of you who took the time to help.
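The storage-time escaping the answer describes, as an added example in plain Ruby (not the asker's code and not tinymce-rails or Rails' sanitize): user-supplied command text is escaped with CGI.escapeHTML before being wrapped in the pre/code structure the allowlist permits, so a literal '<' is stored as '&lt;' and can no longer open or close an element. The allowlist constant, the helper names and the sample strings are constructed for this example.

```ruby
require "cgi"

# Tags permitted by the question's sanitize allowlist (assumed; the stray '<' entry dropped).
ALLOWED_TAGS = %w[h2 h3 p br ul ol li code pre a].freeze

# Escape the characters HTML treats as markup ('<', '>', '&', quotes) so a
# literal '<' in a command line is stored as '&lt;' and survives an allowlist sanitizer.
def escape_text(text)
  CGI.escapeHTML(text)
end

# Wrap user-supplied code in the pre/code structure the allowlist permits; the
# text inside is escaped, so it cannot terminate the block or start a new element.
def code_block(text)
  "<pre><code>#{escape_text(text)}</code></pre>"
end

# Recover the original text from the stored markup, i.e. what the browser will display.
def decode_code_block(html)
  inner = html.sub(%r{\A<pre><code>}, "").sub(%r{</code></pre>\z}, "")
  CGI.unescapeHTML(inner)
end

# List element names in the markup that are not on the allowlist: the check an
# allowlist sanitizer applies, run here over the stored string. A '<' that was
# escaped to '&lt;' is not seen as a tag, which is the whole point of escaping.
def disallowed_tags(html)
  names = html.scan(%r{</?([a-zA-Z][a-zA-Z0-9]*)}).flatten.map(&:downcase).uniq
  names - ALLOWED_TAGS
end

if __FILE__ == $PROGRAM_NAME
  cmd = "mysql -u sat -p -h localhost database < data.sql"   # constructed sample input
  puts code_block(cmd)
  puts disallowed_tags(code_block(cmd)).inspect
end
```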