Option to prevent user of inserting malicious text in the tag

[fguillen]

This is possible now :

user.update(tag_list: "one, two, <script>alert('hello')</script>")
user.tag_list
# => ["one", "two", "<script>alert('hello')</script>"]

Is there any option in the parser to clean the HTML code in the tags?

[MyklClason]

Seems like a good idea to do by default, I'm hard pressed to think of any situation where it makes sense to store tags in the database with html tags.

If it's a concern, definitely use something to strip out the tags at the controller level or even the model level, but I think it makes sense for the gem to remove them by default and have a option to not do so.

Edit: https://github.com/mbleigh/acts-as-taggable-on?tab=readme-ov-file#tag-parsers supported in general via tag parsers.