similar to: How to sanitize _before_ going into the database?

Displaying 20 results from an estimated 5000 matches similar to: "How to sanitize _before_ going into the database?"

2009 Apr 22
2
what escape or sanitize functions are out there?
i found the following functions or method to escape HTML, URL params, or Javascript data: <%= h @ha %> <%= sanitize @ha %> <%= u @ha %> <%= @ha.to_json %> <%= strip_tags @ha %> are there more functions or methods to do these things? and are there alternative ways to do that? thanks.
2007 Nov 29
27
Strip & Sanitize BEFORE saving data
So I've googled my brains out, and I see a lot of talk about TextHelper for views, but next to no discussion about cleaning text _before_ it is saved. I figured this had to be asked 4 zillion times, but I'm not finding anything concrete/obvious. Using h is fine as a safety catch, but that alone is not acceptable to me as the means of diffusing the impact of HTML or JS
2006 May 18
5
acts_as_classifiable plugin
Hello, I am pleased to announce the availability of the plugin acts_as_classifier which allows using the 'classifier' gem in a Rails application. This plugin can be downloaded from http://opensvn.csie.org/sksinghi/acts_as_classifiable/ This plugin is useful in scenarios where you want to distinguish between spam or non-spam comments, Or maybe you want to track the
2008 Apr 02
9
application.html for website in 2 languages?
Hello, I'm a newbie on the rails environment. I've just created an application.html.erb to have the same layout on all pages but the site will be available in 2 different languages, then with 2 different layouts. Then I would like to have an application.html.erb with the layout in French and an application.html.erb with the layout in English. Thank you for your help,
2010 Mar 16
7
Recommendations for pdf generators
hi, everyone, i have googled around for some pdf generators. Found 1) PDF::Writer which is a little dated 2) Rupdf (http://scoop.simplyexcited.co.uk//2007/12/15/rupdf-simple-ruby-pdf-rails-plugin/ and http://agilewebdevelopment.com/plugins/rupdf) - it's a little dated. Last revision was on 15th of Dec, 2007. Any recommendations for pdf generators? thank you
2013 Mar 27
1
remove all html tag before validation
hi, is there a clean way to remove all html tag of all attributes before validation I found acts_as_sanitized that seemed to be perfect, but for rails 2 :-s thanks
2006 May 11
3
sanitize dangers
I've noticed that it is possible to pass javascript unaltered through the sanitize function using CSS. For example: sanitize( "<style type='text/css'>body{background-image:url('javascript:window.alert(1)') }</style>" ) IE will execute the javascript. Firefox will not. I haven't tried it with any other browsers.
2017 Jan 31
1
CFI, Safe-Stack, and -fno-sanitize-trap
Hi, I am using clang++3.9 to build a simple program with both CFI and safe-stack. I am getting linker errors when combining -fsanitize=safe-stack, -fsanitize=cfi, and -fno-sanitize-trap=all. Combining safe-stack and CFI without -fno-sanitize-trap=all works as expected. It looks like clang is attempting to link in two compiler-rt libraries, one for ubsan and one for safestack, and this causes
2006 May 05
4
Is sanitize() strong enough to protect me from XSS?
Haven't been able to find a good enough answer on whether using sanitize() is enough to really protect me from XSS attacks I basically have a blog page that I want to allow people to display comments on but would like to allow html tags to be posted on the comments, these could html tags like the imageshack img tags, youtube player, photobucket img tags etc any other approaches or
2009 Jan 24
1
Rails sanitize method is stripping my anchors
Hi, I have some html pages that are saved in DB and which require anchors for quickly jumping inside the page. People can edit the page manually, so in order to keep things clean I use Rails sanitize method to clean the html before output. The problem is that it is stripping my anchors. e.g: <h2 id='team'>Our Team</h2> becomes <h2>Our Team</h2> How can
2006 Aug 10
3
Want to use a view helper (TextHelper) in a model class
I have a model that deals with HTML and I want to use the text_helper.sanitize method to strip the HTML of Javascript. However, it doesn't appear that I can get easy access to the text_helper methods from within a model. Anyone have any suggestions for how to do this? In general, I think that there are some ActionView helpers which are generic enough to want to use in a model class.
2008 Apr 04
8
Updatable "datagrid" with ajax support? Is there any code/approach I can leverage?
Hi, I want to have a page in my Ruby on Rails application that is like a dynamic / updateable data grid. Like a matrix or spreadsheet segment (x rows, y columns) which one can click in any of the cells and make an update, which triggers some AJAX code to fire off the update, and then the responses come back and update whatever else needs updating based on this change. Is there a prototype
2005 May 24
3
textilize/markdown/sanitize for messageboards, oh my!
Hullo, fellow Railsers! (warning: this isn't a 100% Rails specific question, but I guess it very much applies to what a lot of us are currently doing.) For a project that involves messageboard functionality I'm looking for a good way of sanitizing user input, so the silly fools, err, my wonderful users don't mess things up too much. I've played around with
2011 Jan 13
5
undefined method `xss_terminate'
I'm trying to run a rails app developed by my firm on my Ubuntu machine. I'm using RVM with what I think are all the appropriate gems installed. The application works fine on co-workers OSX machines. When running db:migrate I get the following error: $ rake db:migrate --trace ... rake aborted! An error has occurred, all later migrations canceled: undefined method
2006 Feb 10
1
validation error reporting on child object
How does one deal with validation error messages on child objects of the main model object behind a page? I have the basic blog w/ comments page (only my "entry" is a "proposal"). I have the comments saving just fine, but I wanted to show an error if the user hits the submit button without typing anything in the comment. I added "validates_presence_of
2014 Nov 17
1
[PATCH V3 2/2] virtio-net: sanitize buggy features advertised by host
This patch tries to detect the possible buggy features advertised by host and sanitize them. One example is booting virtio-net with only ctrl_vq disabled, qemu may still advertise many features which depends on it. This will trigger several BUG()s in virtnet_send_command(). This patch utilizes the sanitize_features() method, and disables all features that depends on ctrl_vq if it was not
2014 Nov 17
1
[PATCH V3 2/2] virtio-net: sanitize buggy features advertised by host
This patch tries to detect the possible buggy features advertised by host and sanitize them. One example is booting virtio-net with only ctrl_vq disabled, qemu may still advertise many features which depends on it. This will trigger several BUG()s in virtnet_send_command(). This patch utilizes the sanitize_features() method, and disables all features that depends on ctrl_vq if it was not
2006 Jun 20
22
New e-book - The Money Train
While talking about my RailsConf presentation with Ben Wiseley, he suggested writing a book on the same topic... so I did! The Money Train is an e-book about building e-commerce sites using Ruby on Rails. Read my blog entry about it at http://www.bencurtis.com/archives/2006/06/rails-e-commerce-e-book/ or head to http://www.agilewebdevelopment.com/book to dive right in. As always, a big
2014 Nov 18
1
[PATCH V3 2/2] virtio-net: sanitize buggy features advertised by host
On 11/17/2014 06:08 PM, Michael S. Tsirkin wrote: > On Mon, Nov 17, 2014 at 05:17:18PM +0800, Jason Wang wrote: >> This patch tries to detect the possible buggy features advertised by host >> and sanitize them. One example is booting virtio-net with only ctrl_vq >> disabled, qemu may still advertise many features which depends on it. This >> will trigger several BUG()s
2014 Nov 18
1
[PATCH V3 2/2] virtio-net: sanitize buggy features advertised by host
On 11/17/2014 06:08 PM, Michael S. Tsirkin wrote: > On Mon, Nov 17, 2014 at 05:17:18PM +0800, Jason Wang wrote: >> This patch tries to detect the possible buggy features advertised by host >> and sanitize them. One example is booting virtio-net with only ctrl_vq >> disabled, qemu may still advertise many features which depends on it. This >> will trigger several BUG()s