instance method String#stripScripts

String#stripScripts() → String

Strips a string of things that look like HTML script blocks.

'<p>This is a test.<script>alert("Look, a test!");</script>End of test</p>'.stripScripts();
// => "<p>This is a test.End of test</p>"

Caveat User

The processing String#stripScripts does is good enough for most purposes, but you cannot rely on it for security. If you're processing end-user-supplied content, String#stripScripts is probably not sufficiently robust to prevent script-injection attacks.
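
The following is an added example, not code from Prototype or from this page: it contrasts one-pass removal of script blocks with encoding the input on output. `stripScriptBlocks`, `escapeHTML`, `compare` and the sample strings are names and values assumed here; the stand-in regex only approximates the behaviour described above.

```javascript
// Stand-in for String#stripScripts (assumption: a single regex pass that
// removes <script ...>...</script> blocks; not copied from the library).
function stripScriptBlocks(s) {
  return s.replace(/<script[^>]*>[\s\S]*?<\/script\s*>/gi, '');
}

// Output encoding: every HTML metacharacter becomes an entity, so a browser
// renders the input as text instead of parsing it as markup.
function escapeHTML(s) {
  const entities = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Test strings. The first is the page's own example; the other two are
// constructed regression cases for end-user-supplied content.
const samples = {
  docExample: '<p>This is a test.<script>alert("Look, a test!");</script>End of test</p>',
  eventHandler: '<img src="x" onerror="alert(1)">',          // no script block at all
  reassembled: '<scr<script></script>ipt>alert(1)</script>', // block forms after removal
};

// Apply both treatments and report whether any tag opener survives.
function compare(input) {
  const stripped = stripScriptBlocks(input);
  const escaped = escapeHTML(input);
  return {
    stripped,
    escaped,
    strippedHasMarkup: /<[a-z]/i.test(stripped),
    escapedHasMarkup: /<[a-z]/i.test(escaped),
  };
}

for (const [name, input] of Object.entries(samples)) {
  console.log(name, compare(input));
}
```

Stripping leaves the second sample untouched and turns the third into a complete script block, while the encoded form of every sample contains no tag opener.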