Action text trix does not render image and other html tag inside the blob partial
I am migrating an app to rails 6.1.4.4 with action text and Trix rich editor. In the backend, Trix save uploaded file to active storage blob and show in the editor perfectly fine.
however when I tried to display in the front end without Trix, the uploaded image did not show as expected.
Below is my blob view
<!-- active_storage/blobs/_blob.html.erb -->
<figure class="attachment attachment--<%= blob.representable? ? "preview" : "file" %> attachment--<%= blob.filename.extension %>">
<% if blob.representable? %>
<% blog_url = blob.representation(resize_to_limit: local_assigns[:in_gallery] ? [ 600, 400 ] : [ 400, 400 ]).processed.service_url %>
<%= lazy_image(src: blog_url, alt: '', width: '400', height: '400') %>
<% end %>
<figcaption class="attachment__caption">
<% if caption = blob.try(:caption) %>
<%= caption %>
<% else %>
<span class="attachment__name"><%= blob.filename %></span>
<span class="attachment__size"><%= number_to_human_size blob.byte_size %></span>
<% end %>
</figcaption>
</figure>I also try a few other html tags, it seems some html tags are stripped out, keeping only the tag content instead of the full semantic tags.
Do my blob rendering contents get santinized? Am I missing any configuration to get the display working without trix editor?
Solution
I've solved this by adding the following code in config/application.rb
# Sanitize image in blob
tags = ['img', 'iframe']
config.action_view.sanitized_allowed_tags = tags
lazy_image_attrs = ['src', 'alt', 'data-src', 'data-srcset', 'width', 'height', 'class']
config.action_view.sanitized_allowed_attributes.push(*lazy_image_attrs)
- Server-sent events in Rails not delivered asynchronously
- Active resource rails not fetching data
- On Mac Big Sur, what is the right version of debase to use when debugging with rdebug-ide on a Rails 6 app?
- Why is Rails before_update callback deprecated? What's the alternative?
- What is the correct way to update images with has_many_attached in Rails 6
- PG::UndefinedFunction: ERROR: operator does not exist: text = boolean
- What the difference between implicit_order_column and default_scope in Rails?
- Rails default_url_options conflicts with params in path/url-helpers
- Set locale via default_url_options for Rails tests (Rails 6 and newer)
- Rails: Use of absolute path in Rails 6
- Rails lockbox and blind index, unable to access encrypted field
- Cancancan - define :create with association
- splitting.js results in "Uncaught TypeError: Splitting is not a function" in Rails 6
- invitation_accepted? returns FALSE in after_invitation_accepted CALLBACK
- Rails 6 Create new record and print to printer after comfirmation
- How to ignore a folder in Zeitwerk for Rails 6?
- Postgres: What does @@ (double at symbol) mean?
- Rails 6 Migration giving strange error after using multiple databases
- Upgraded Rails to 6, getting Blocked host Error
- Is it possible to use Action Cable in Rails 6 on Sprockets?
- ActionController::ParameterMissing in StaticPagesController#contact (Ruby on Rails 6)
- ActiveAdmin hide Delete action by condition
- ActiveAdmin actions
- Rails | Use Nested Attribute as Foreign Type For Polymorphic Association?
- Rails 6 Action Mailbox and Gmail Integration How To
- Understanding Ruby Versioning Conflicts: Unraveling the Net::ProtocRetryError and Net::BufferedIO::BUFSIZE Warnings
- Rails 6 active storage delete attachment doesn't delete file from server
- ArgumentError (wrong number of arguments (given 1, expected 0)) After Upgrading to Ruby on Rails 6.1
- Rails 6.1.5: uninitialized constant Mail::TestMailer
- Rails 6 Zeitwerk "DEPRECATION WARNING: Initialization autoloaded the constants..." but I can't figure out where?