I have a description field of a Project schema which I plan to edit with a WYSIWYG editor, so I wanted to save the string as HTML. I want to show the description HTML in the Project page by using the Phoenix raw function, but I’m not sure if this is safe, especially as users would be able to edit their projects.
How can I make sure the HTML I render is safe?
If you know where I can learn more on sanitizing with Phoenix, it’d be of great help.
Does the string have to be HTML? Can your WYSIWYG be a Markdown editor? If so, you can store the description as Markdown and parse it using something like Earmark.
Well, some editors spit out markdown, others restructured text, some plain HTML. For those that don’t give you the HTML, you need to render the source into HTML.
Rendering it each time the contents are requested might hurt server performance, therefore a prerendered version is often cached in the database.
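The two points raised in this thread, sanitizing before handing anything to `raw/1` and caching the prerendered HTML in the database, combined into one added Elixir example. This is not code from the original posts; it assumes a `projects` table with hypothetical `description` (the source the user edits) and `description_html` (the cached render) columns, and the Earmark and HtmlSanitizeEx libraries as dependencies. The sanitizer runs on the output of the Markdown renderer, because Markdown allows inline HTML, so a pasted `<script>` or `onerror=` attribute would otherwise survive the render untouched.

```elixir
# mix.exs (version requirements are an assumption; use whatever is current):
#   {:earmark, "~> 1.4"},
#   {:html_sanitize_ex, "~> 1.4"}

defmodule MyApp.Projects.Project do
  use Ecto.Schema
  import Ecto.Changeset

  # Pick :markdown for editors that emit Markdown, :html for editors that emit HTML.
  @source_format :markdown

  schema "projects" do
    field :name, :string
    # What the user typed; hypothetical column name.
    field :description, :string
    # Prerendered, sanitized HTML served to the page; kept in sync by the changeset.
    field :description_html, :string
    timestamps()
  end

  def changeset(project, attrs) do
    project
    # Only :description is castable; :description_html is derived, never user-supplied.
    |> cast(attrs, [:name, :description])
    |> validate_required([:name])
    |> validate_length(:description, max: 20_000)
    |> put_description_html()
  end

  # Re-render only when the source changed, so page reads never pay the rendering cost.
  defp put_description_html(changeset) do
    case fetch_change(changeset, :description) do
      {:ok, nil} ->
        put_change(changeset, :description_html, nil)

      {:ok, source} ->
        put_change(changeset, :description_html, render_description(source, @source_format))

      :error ->
        changeset
    end
  end

  # Markdown -> HTML with Earmark, then an allow-list pass with HtmlSanitizeEx.
  # markdown_html/1 keeps the tags Markdown legitimately produces and drops
  # scripts, event-handler attributes and javascript: URLs.
  def render_description(source, :markdown) when is_binary(source) do
    source
    |> Earmark.as_html!()
    |> HtmlSanitizeEx.markdown_html()
  end

  # For editors that already emit HTML: skip the Markdown step, sanitize directly.
  def render_description(source, :html) when is_binary(source) do
    HtmlSanitizeEx.basic_html(source)
  end
end

# In the HEEx template, raw/1 is the only place unescaped HTML enters the page,
# and it is fed exclusively with the sanitized, cached column:
#
#   <div class="description"><%= raw @project.description_html %></div>
#
# Never do <%= raw @project.description %>; the source column is untrusted input.
```

If you later change the allow-list or the renderer, the cached column is stale for existing rows; a one-off migration or mix task that reruns `render_description/2` over all projects brings them back in sync.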