Displaying 20 results from an estimated 30000 matches similar to: "Sanitize html with :before_save depending on logged in user"
2007 Dec 26
0
before_save with acts_as_versioned
Yes, I know about the :if/:if_changed clause on acts_as_versioned
... content_changed or author_changed ....
That's not what I'm asking about.
What I''m wondering about is something like applying the spiffy new 2.0
sanitize as a 'before_save'
--
A little inaccuracy can save tons of explanation. -- Saki
2011 Oct 14
2
before_save :encrypt_password
I am having a problem finding the best way to make a "before_save
:encrypt_password" conditional.
I have to at times update user model attributes but each time I do this
the password is re-encrypted because of the above. I need to
differentiate between when the user is first logging in and the password
does need to be encrypted, and when they are already logged in and the
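The usual way out of this is to stop hashing in the callback at all and hash at the moment a new plaintext is assigned, so saving any other attribute leaves the digest alone. The following is an added example, not the poster's model or Rails' has_secure_password: a plain-Ruby stand-in with assumed names (password_digest, remember_token, save) and an assumed PBKDF2 work factor, using only the standard library so it runs outside Rails.

```ruby
require "openssl"
require "securerandom"

# Added example, not the poster's model: a plain-Ruby stand-in for a User model
# that hashes the password when it is assigned instead of in before_save, so
# saving other attributes never re-hashes an already-hashed value. The column
# and method names (password_digest, remember_token, save) are assumptions.
class User
  ITERATIONS = 100_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

  attr_accessor :email
  attr_reader :password_digest, :remember_token

  def initialize(email:, password:)
    @email = email
    self.password = password
  end

  # The conditional the post asks for, expressed as a setter: the digest only
  # changes when a new plaintext arrives. Blank input (a form that left the
  # password fields empty) is ignored rather than hashed.
  def password=(plain)
    return if plain.nil? || plain.empty?
    salt = SecureRandom.random_bytes(16)
    @password_digest = encode(salt, pbkdf2(plain, salt))
  end

  def authenticate(plain)
    return false unless @password_digest
    salt, stored = decode(@password_digest)
    secure_compare(stored, pbkdf2(plain, salt))
  end

  # Stand-in for the before_save callback: fill the remember token only when it
  # is missing. Regenerating it on every save would invalidate every session
  # cookie each time the user updated an unrelated attribute.
  def save
    @remember_token ||= SecureRandom.urlsafe_base64(32)
    true
  end

  private

  def pbkdf2(plain, salt)
    OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, iterations: ITERATIONS,
                             length: 32, hash: "sha256")
  end

  # Stored form: base64(salt) "$" base64(hash)
  def encode(salt, hash)
    [[salt].pack("m0"), [hash].pack("m0")].join("$")
  end

  def decode(digest)
    digest.split("$", 2).map { |part| part.unpack1("m0") }
  end

  # Constant-time comparison so a timing side channel can't leak the digest.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

If the hashing has to stay in a before_save, the same guard applies: only hash when a plaintext password attribute is present, and never touch the digest otherwise.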
2006 Feb 10
4
before_save gotcha
Is it well known and accepted that before_save triggers should return
true? I didn't notice this before but now I see it in the
documentation.
Here is what I'm doing in my model:
def before_save
  if self.has_album?
    self.visible = self.album.visible?
  end
end
That results in the expected result when album.visible? is true - but
not when it is false. To make it
2008 Feb 01
4
How to sanitize _before_ going into the database?
I use a call to the sanitize method every time I render some user
input, but it would be much nicer if I could clean it up once before
putting it into the database and avoid having to call the (relatively
expensive) sanitize every time I render a page.
My first thought was to just add something like:
def message=(x)
  self[:message] = sanitize(x)
end
However, the sanitize helper cannot be called
2009 Feb 07
5
before_save :strip_whitespace => saves with spaces
I used this private function for removing leading and trailing
whitespace from the values. The function below is called before_save.
When I print the value after it strips, it prints the string without any
spaces, but in the table fields it saves with spaces.
What would be the problem? Please help me.
class CompanyInfo < ActiveRecord::Base
  before_save :strip_whitespace

  def strip_whitespace
2007 Jan 18
1
Internet Explorer - Sanitize Uploaded Filenames
Hi all,
Somewhat of a noob here. I have a table that has 5 file fields, and
they are named file, file2, file3, file4, file 5. All of them will be
.doc files.
In firefox, I can upload these files just fine, and they will show up
as Document.doc. In IE, it prepends the entire path.
C:\My Documents\User\Desktop\Document.doc
Which makes the file unreadable, and un-downloadable. I know that the
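Whatever the browser sends as the filename has to be treated as untrusted input, whether it is a full client path as in the IE case above or a deliberate `../../` traversal. The following is an added example, not the poster's code: it reduces the client-supplied name to a single safe component, restricts the extension to the .doc the post expects, and generates a separate random on-disk name. The module and method names are assumptions for illustration.

```ruby
require "securerandom"

# Added example, not the poster's code. Reduces whatever filename the browser
# sent (old IE sent the full client path) or an attacker sent ("../../x") to a
# single safe component, and restricts the extension to the .doc the post
# expects. The module and method names are assumptions for illustration.
module UploadName
  ALLOWED_EXT = %w[.doc].freeze
  module_function

  # Returns a display-safe version of the client filename, or nil if nothing
  # acceptable remains.
  def safe(original, allowed_ext: ALLOWED_EXT)
    # File.basename only knows "/" on Unix, so split on both separators:
    # "C:\My Documents\User\Desktop\Document.doc" -> "Document.doc".
    base = original.to_s.split(%r{[\\/]}).last.to_s
    base = base.gsub(/[^A-Za-z0-9._-]/, "_")  # spaces, NUL, control chars, non-ASCII
    base = base.sub(/\A\.+/, "")              # no dotfiles, no leftover ".."
    return nil if base.empty? || base.length > 255
    return nil unless allowed_ext.include?(File.extname(base).downcase)
    base
  end

  # Name to store the file under on disk: random, never derived from client
  # input, with only the checked extension carried over. Keep the value from
  # safe() in the database for display and the Content-Disposition header.
  def stored(original, allowed_ext: ALLOWED_EXT)
    shown = safe(original, allowed_ext: allowed_ext)
    shown && "#{SecureRandom.hex(16)}#{File.extname(shown).downcase}"
  end
end
```

The extension check is on the sanitized name, so a double extension such as `evil.doc.exe` is rejected rather than passed through on the strength of the `.doc` in the middle.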
2006 Jan 03
2
Stopping a save from the before_save
What's the better thing to do in a before_save if you don't want the
save to continue?
raise an exception, or do an errors.add or both?
Thanks,
Chris Nolan.ca
http://kweschun.com/ - Do you have a Kweschun?
2007 Jun 27
3
acts_as_tree and before_save
We all know that acts_as_tree gives us ability to set up data in a
tree-like structure and use methods like 'parent', 'children' and so on.
Something I'm completely stuck on. Observe.
class Page < ActiveRecord::Base
  acts_as_tree

  def before_save
    raise self.parent.to_yaml
  end
end
Well, you'd think that it should show
2006 Aug 09
7
function before_save
Hi everybody
I would like a function like the "before_save" method in the model, but it
must be the opposite. When I take data out of the database through the
model, I want to call a function before the data are available in the
controller.
Can anyone help me?
---- >>>> thx <<<< ----
--
Posted via http://www.ruby-forum.com/.
2006 May 11
3
sanitize dangers
I've noticed that it is possible to pass javascript unaltered through
the sanitize function using CSS. For example:
sanitize("<style type='text/css'>body{background-image:url('javascript:window.alert(1)')}</style>")
IE will execute the javascript. Firefox will not. I haven't tried it
with any other browsers.
2012 Nov 10
6
Suggestion: `before_save on: :create` should either work or raise an exception
There's a small inconsistency in ActiveRecord's callback syntax that has
tripped me up before. It wouldn't be a big deal, but it can lead to a
silent failure. I'd like to suggest that it either be made consistent or be
made to fail loudly.
The issue is that to do something before validating, but only when
creating, you use `before_validation on: :create`,
2005 Dec 22
0
use helper methods in controller? (sanitize)
Hi,
I want to use the method sanitize() to clean up some user input before I
save it to the db. sanitize() is a helper method, so it is only usable
in templates, right?
So how can I use helper methods in the controller, or why should I not?
I could build a template like "<%=sanitize(input)-%>" and use
render_to_string, but that seems pretty hackish.
Or I could sanitize every
2012 Dec 12
0
Sanitize for style attributes
It's really confusing to decide whether sanitize will help avoid XSS in
case when :attributes => %w( style )
On Stack Overflow, people say that it is not safe, yet the examples they
give such as
style="background-image: url(javascript:[code]);"
are being filtered out using sanitize and all that is left is style=""
is there a way to get a definite answer if
2007 Nov 16
0
ActionView::Helpers::SanitizeHelper.sanitize docs
Hello,
First sentence of sanitize() method doc says: "This sanitize helper
will html encode all tags and strip all attributes that aren't
specifically allowed."
But
sanitize("<h1>foo</h1> <bar>should html encode</bar>") == "<h1>foo</h1> should html encode".
Shouldn't it html encode <bar> to
2017 Jan 31
1
CFI, Safe-Stack, and -fno-sanitize-trap
Hi,
I am using clang++3.9 to build a simple program with both CFI and safe-stack. I am getting linker errors when combining -fsanitize=safe-stack, -fsanitize=cfi, and -fno-sanitize-trap=all. Combining safe-stack and CFI without -fno-sanitize-trap=all works as expected.
It looks like clang is attempting to link in two compiler-rt libraries, one for ubsan and one for safestack, and this causes
2009 Jan 24
1
Rails sanitize method is stripping my anchors
Hi,
I have some html pages that are saved in DB and which require anchors
for quickly jumping inside the page. People can edit the page manually,
so in order to keep things clean I use Rails sanitize method to clean
the html before output. The problem is that it is stripping my anchors.
e.g: <h2 id='team'>Our Team</h2> becomes <h2>Our Team</h2>
How can
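The threads above (sanitizing before the save, the CSS `url(javascript:)` case, the `style` attribute question, the "html encode all tags" wording in the docs, and the stripped `id` anchors) are all facets of one mechanism: an allowlist sanitizer keeps only the tags and attributes it was told to keep, drops the bodies of elements that are code rather than text, and encodes everything else. The following is an added example, not Rails' sanitize helper (which is parser-based): a small allowlist sanitizer in plain Ruby whose tag, attribute and scheme lists are assumed for illustration. It keeps `id` on headings so in-page anchors survive, has no `style` attribute at all, discards `<style>` and `<script>` content outright, and encodes unknown tags such as `<bar>` as text.

```ruby
require "strscan"
require "cgi"

# Added example, not Rails' sanitize helper: an allowlist HTML sanitizer that
# shows the behaviours asked about above. Tag and attribute names are assumed
# for illustration; a real deployment would use a parser-based library.
module AllowlistSanitizer
  ALLOWED_TAGS  = %w[p br b i em strong a h1 h2 ul ol li].freeze
  # Attributes per tag. "id" is allowed on headings so in-page anchors survive;
  # "style" is deliberately absent: filtering CSS url(javascript:) is a losing game.
  ALLOWED_ATTRS = { "a" => %w[href title], "h1" => %w[id], "h2" => %w[id] }.freeze
  SAFE_SCHEMES  = %w[http https mailto].freeze
  # Elements whose whole content is dropped: their bodies are code, not text.
  DROP_CONTENT  = %w[script style].freeze

  TAG  = %r{<(/?)([A-Za-z][A-Za-z0-9]*)([^<>]*?)(/?)>}
  ATTR = /([A-Za-z][A-Za-z0-9:-]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/

  module_function

  def sanitize(html)
    s = StringScanner.new(html.to_s)
    out = +""
    dropping = nil  # name of the element whose content is being discarded
    until s.eos?
      if (tag = s.scan(TAG))
        closing, name, attrs = s[1] == "/", s[2].downcase, s[3]
        if dropping
          dropping = nil if closing && name == dropping
        elsif DROP_CONTENT.include?(name)
          dropping = name unless closing
        elsif !ALLOWED_TAGS.include?(name)
          out << CGI.escapeHTML(tag)  # unknown tag becomes visible text
        elsif closing
          out << "</#{name}>"
        else
          out << "<#{name}#{clean_attrs(name, attrs)}>"
        end
      elsif (text = s.scan(/[^<]+/))
        # Decode then re-encode so entities in the input cannot smuggle markup.
        out << CGI.escapeHTML(CGI.unescapeHTML(text)) unless dropping
      else
        out << CGI.escapeHTML(s.getch)  # stray "<" (comments, broken tags)
      end
    end
    out
  end

  # Keeps only allowlisted attributes and re-quotes their values. A ">" inside
  # a quoted value breaks the TAG match above; the remainder then lands in the
  # text branch and is encoded, so the failure mode is lossy, not unsafe.
  def clean_attrs(tag, src)
    allowed = ALLOWED_ATTRS.fetch(tag, [])
    src.scan(ATTR).map do |name, dq, sq, bare|
      name = name.downcase
      next unless allowed.include?(name)
      value = CGI.unescapeHTML(dq || sq || bare || "")
      next if name == "href" && !safe_url?(value)
      %( #{name}="#{CGI.escapeHTML(value)}")
    end.compact.join
  end

  # Scheme allowlist for links. Whitespace and control characters are removed
  # first because browsers ignore them ("java\tscript:" still runs).
  def safe_url?(url)
    u = url.gsub(/[[:cntrl:]\s]/, "")
    return false if u.start_with?("//")        # protocol-relative: off-site
    return true if u.start_with?("/", "#")     # same-site path or in-page anchor
    scheme = u[/\A([A-Za-z][A-Za-z0-9+.-]*):/, 1]
    scheme ? SAFE_SCHEMES.include?(scheme.downcase) : !u.include?(":")
  end
end
```

Whether this runs in a `before_save` or at render time is a separate decision: sanitizing once on the way in is cheaper, but the stored HTML then has to be re-sanitized whenever the allowlist changes, and the render-time `h` escape is still needed for any field that was not sanitized.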
2012 May 12
12
before_save messing up
#user.rb ------> Model
class User < ActiveRecord::Base
  attr_accessible :email, :name, :password, :password_confirmation
  has_secure_password
  before_save :create_remember_token
  ...
  private

  def create_remember_token
    self.remember_token = SecureRandom.urlsafe_base64
  end
end
#sessions_controller.rb ------->
2008 Jun 20
15
before_save model callback rspec testing
hi all,
I'm learning rspec and I can't figure out how to test if a callback is
executed in a model.
my model code is:
class User < ActiveRecord::Base
  before_save :encrypt_password
  ...
  def encrypt(password)
    self.class.encrypt(password, salt)
  end
thanks a lot,
cs.
--
Posted via http://www.ruby-forum.com/.
2009 Apr 22
2
what escape or sanitize functions are out there?
I found the following functions or methods to escape HTML, URL params, or
Javascript data:
<%= h @ha %>
<%= sanitize @ha %>
<%= u @ha %>
<%= @ha.to_json %>
<%= strip_tags @ha %>
Are there more functions or methods to do these things?
And are there alternative ways to do that? Thanks.
--
Posted via http://www.ruby-forum.com/.
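What separates those helpers is the output context each one is for: `h` for HTML text and attribute values, `u` for a URL query component, `to_json` for data handed to a script, `sanitize` for HTML that is meant to keep some markup. Picking by context matters more than the number of helpers. The following is an added example, not from the original post: the same untrusted value escaped for each context using only the standard library (CGI, ERB::Util, JSON); the module name and the simplistic tag stripper are assumptions for illustration.

```ruby
require "cgi"
require "erb"
require "json"

# Added example, not from the original post: one untrusted value escaped for
# each output context. The escaper is chosen by where the value lands.
module Escape
  module_function

  # HTML text and double-quoted attribute values (the h helper's job).
  def html(s)
    CGI.escapeHTML(s.to_s)
  end

  # A single URL query component (the u helper's job): everything except
  # unreserved characters is percent-encoded, so "&" and "=" cannot add
  # parameters and "/" cannot add path segments.
  def url_component(s)
    ERB::Util.url_encode(s.to_s)
  end

  # A value embedded in an inline <script> block as JSON. JSON.generate leaves
  # "<" and "/" alone, so a string containing "</script>" would close the block
  # early; encode "<", ">", "&" and the JS line terminators U+2028/2029 as
  # \uXXXX, which JSON parsers decode back to the original characters.
  def json_for_script(value)
    JSON.generate(value).gsub(/[<>&\u2028\u2029]/) { |c| format('\\u%04x', c.ord) }
  end

  # Simplistic stand-in for strip_tags: acceptable for plain-text output such
  # as an e-mail subject, but the result still needs html() before it goes
  # back into an HTML page (an unclosed "<" survives this regex).
  def strip_tags(s)
    s.to_s.gsub(/<[^>]*>/, "")
  end
end
```

The `sanitize` helper from the list is the odd one out: it is not an escaper but a filter that keeps an allowlist of markup, which is why it is the wrong tool for attribute values, URLs or script data.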
2006 Aug 09
0
h() assistant or sanitize() with form_remote_for
How can I html-escape an input field in my form? I cannot use them
directly
h(f.text_field 'name', :size => 30 %) or sanitize(f.text_field 'name',
:size => 30 %) are incorrect....
<% form_remote_for :property, @property, :url => {:action => @action,
:id => @property }, :loading =>