在rails form_for中,如何使用sanitize或html_safe?在视图中的何处添加sanitize或html_safe?还是我们需要创建任何辅助方法?还是可以在控制器级别解决?最好的安全选项是什么?
<%= form_for @user, :html => {:id => "account_edit"} do |f|%>
<%= f.hidden_field :id %>
<div class="control-group">
<%= f.label :email, nil, {:class => "control-label"}%>
<%= f.text_field :email, {:class => "span12"}%>
</div>
<div class="control-group">
<%= f.label :first_name, nil, {:class => "control-label"}%>
<%= f.text_field :first_name, {:class => "span12"} %>
</div>
<div>
<%= f.label :last_name, nil, {:class => "control-label"}%>
<%= f.text_field :last_name, {:class => "span12"} %>
</div>
<div class="control-group">
<%= f.label :password, nil, {:class => "control-label"}%>
<%= f.password_field :password, {:class => "span12", :placeholder => "Enter Password"}%>
</div>
<div class="control-group">
<%= f.label :password_confirmation, nil, {:class => "control-label"}%>
<%= f.password_field :password_confirmation, {:class => "span12", :placeholder => "Enter Password"} %>
</div>
<div class="form-actions no-margin">
<%= f.submit "Submit", {:id => 'submit_button', :class => "btn btn-info pull-right"} %>
</div>
<div class="clearfix">
</div>
<% end %>