I wanted to make an ActiveRecord mod that added a "sanitize_html"
function that caused the attributes listed as its parameters to be
automatically stripped of dangerous HTML segments through use of
ActionView::Helpers::TextHelper.sanitize.
It was a bit messy to get working because I had to pull part of
ActionPack into ActiveRecord, and also avoid a clash with the AR
sanitize method (used for database quoting).
To make it much easier to call sanitize in AR I would suggest it be
moved to an ActiveSupport class, and from there made available as an
ActionView helper. I think storing these attributes in sanitized form
is a good alternative to sanitizing on every display.
Perhaps the same should be done for
ActionView::Helpers::TextHelper.strip_tags.
Code for sanitize_html:
class ActiveRecord::Base
  # Declare attributes that are stored in sanitized form: each one is passed
  # through ActionView's sanitize helper before validation runs.
  def self.sanitize_html(*attrs)
    # Pull the ActionView helper into AR under its own constant, to avoid
    # clashing with ActiveRecord::Base.sanitize (used for database quoting).
    unless ActiveRecord::Base.const_defined?('Sanitization')
      require_gem 'actionpack'
      ActiveRecord::Base.class_eval <<-EOF
        class Sanitization
          extend(ActionView::Helpers::TextHelper)
        end
      EOF
    end
    before_validation "#{attrs.inspect}.each { |attr| self[attr] = ActiveRecord::Base::Sanitization.sanitize(self[attr]) }"
  end
end
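The same idea, as an added example that is not the post's code and does not need Rails: a plain-Ruby stand-in for the slice of ActiveRecord::Base the post relies on (attributes in a hash, before_validation callbacks run by valid?) plus a small allow-list filter standing in for ActionView::Helpers::TextHelper.sanitize. HtmlSanitizer, ModelBase, Comment and demo are all assumed names; the filter is regex-based for illustration and assumes attribute values contain no '>'.

```ruby
require 'cgi'

# Allow-list HTML filter standing in for ActionView's sanitize helper.
# Tags not on the list are escaped into literal text, unlisted attributes
# (including every on* event handler) are dropped, and href survives only
# with a safe scheme.
module HtmlSanitizer
  ALLOWED_TAGS  = %w[b i em strong p a br].freeze
  ALLOWED_ATTRS = { 'a' => %w[href] }.freeze
  SAFE_HREF     = %r{\A(?:https?:|mailto:|/)}i
  TAG           = %r{<\s*(/?)\s*([a-zA-Z][a-zA-Z0-9]*)([^>]*)>}
  ATTR          = /([a-zA-Z_:-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/

  def self.sanitize(html)
    return html if html.nil?
    html.gsub(TAG) do
      whole     = Regexp.last_match(0)
      closing   = Regexp.last_match(1)
      tag       = Regexp.last_match(2).downcase
      raw_attrs = Regexp.last_match(3)
      if !ALLOWED_TAGS.include?(tag)
        CGI.escapeHTML(whole)            # unknown tag becomes visible text
      elsif closing == '/'
        "</#{tag}>"
      else
        "<#{tag}#{safe_attrs(tag, raw_attrs)}>"
      end
    end
  end

  # Rebuild the attribute list keeping only allow-listed names and values.
  def self.safe_attrs(tag, raw_attrs)
    allowed = ALLOWED_ATTRS.fetch(tag, [])
    raw_attrs.scan(ATTR).map do |name, dq, sq, bare|
      name  = name.downcase
      value = dq || sq || bare
      next unless allowed.include?(name)
      next if name == 'href' && value !~ SAFE_HREF
      %( #{name}="#{CGI.escapeHTML(value)}")
    end.compact.join
  end
end

# Minimal stand-in for ActiveRecord::Base (assumed, not Rails code).
class ModelBase
  def self.before_validation_callbacks
    @before_validation_callbacks ||= []
  end

  def self.before_validation(&block)
    before_validation_callbacks << block
  end

  # The feature the post proposes: the named attributes are rewritten in
  # sanitized form before validation, so the stored value is already
  # filtered and views need not sanitize on every render.
  def self.sanitize_html(*attrs)
    before_validation do |record|
      attrs.each { |attr| record[attr] = HtmlSanitizer.sanitize(record[attr]) }
    end
  end

  def initialize(attrs = {})
    @attributes = {}
    attrs.each { |name, value| self[name] = value }
  end

  def [](name)
    @attributes[name.to_s]
  end

  def []=(name, value)
    @attributes[name.to_s] = value
  end

  def valid?
    self.class.before_validation_callbacks.each { |cb| cb.call(self) }
    true
  end
end

class Comment < ModelBase
  sanitize_html :body, :signature
end

# Constructed sample input; returns the values as they would be stored.
def demo
  comment = Comment.new(
    body:      '<p onclick="x()">hi <script>alert(1)</script></p>',
    signature: '<a href="javascript:alert(1)">me</a>'
  )
  comment.valid?
  [comment[:body], comment[:signature]]
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Running it shows the stored body as `<p>hi &lt;script&gt;alert(1)&lt;/script&gt;</p>` and the signature as `<a>me</a>`: the event handler and the javascript: href are gone before the record is ever validated, which is the "store sanitized rather than sanitize on display" trade-off the post argues for. The cost is that the allow-list is baked into the data; relaxing it later means re-processing the original markup, which is no longer stored.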
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Core" group.
To post to this group, send email to rubyonrails-core@googlegroups.com
To unsubscribe from this group, send email to
rubyonrails-core-unsubscribe@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core