Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
By Sarah Gooding - Aug 22, 2025
formatize
Formatize
As of version 3, Rails doesn't have the textilize,
textilize_without_paragraph, and markdown helper methods. Formatize brings
them back. Drop it into the old application you're upgrading and it'll smoothen
the process just that little bit more.
Installation
Put gem 'formatize' into your Gemfile and do a bundle install, and that's
it. Formatize depends on RedCloth and bluecloth so you will not have to
worry about those.
Usage
The textilize & textilize_without_paragraph helper methods
The textilize helper method accepts a string of
Textile and one or more flags. Often, the
default behavior will be suitable and you will not have to pass it any flags:
textilize("*This is Textile!* Rejoice!")
# => "<p><strong>This is Textile!</strong> Rejoice!</p>"
When necessary, flags are listed as such:
textilize("(snip)", :flag1, :flag2, :flag3)
# => "(snip)"
The RedCloth documentation
lists the available flags. The textilize_without_paragraph method
delegates to textilize but strips the surrounding <p> tags.
The markdown helper method
The markdown helper method accepts a string of
Markdown and one or more
flags. Often, the default behavior will be suitable and you will not have
to pass it any flags:
markdown("We are using __Markdown__ now!")
# => "<p>We are using <strong>Markdown</strong> now!</p>"
When necessary, flags are listed as such:
markdown("(snip)", :flag1, :flag2, :flag3)
# => "(snip)"
The bluecloth documentation
lists the available flags.
Sanitization
Both textilize and markdown sanitizes the input using Rails'
sanitize prior to parsing. Since both gems can do this themselves,
it's useful to be able to bypass the pre-parsing sanitization. Two ways:
- Pass a string that has been marked HTML safe. (Preferred).
- Use the special
:safeflag, which is not passed on to the parser. (Deprecated in 1.1, removed in 2.0).
With Rails' sanitize, if you don't bypass it, you can choose which tags and
attributes to allow as described in the
documentation.
Compatibility
Feel free to try other versions. Minor patches to support other versions are welcome.
Ruby versions
- 1.9.3-p125
- 1.8.7-p358
Latest versions in the 1.8 and 1.9 series. Generally, Formatize will not jump through hoops to support other versions. 1.8 support may be dropped eventually.
Rails versions
- 3.2.2
- 3.1.4
- 3.0.12
The latest versions in all the 3.0 series. This is likely to change when 4.0 is released.
Dependencies
RedClothgemblueclothgem
Copyright & Licensing
Copyright (c) 2012 David Trasbo
Released under the MIT License. See LICENSE for details.
FAQs
Unknown package
We found that formatize demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 17 Apr 2012
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
By Sarah Gooding - Aug 22, 2025
Research
/Security News
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
By Kirill Boychenko - Aug 21, 2025