Class: Rack::UTF8Sanitizer
- Inherits:
-
Object
- Object
- Rack::UTF8Sanitizer
- Defined in:
- lib/rack/utf8_sanitizer.rb
Defined Under Namespace
Classes: SanitizedRackInput
Constant Summary collapse
- StringIO =
::StringIO
- URI_FIELDS =
%w( SCRIPT_NAME REQUEST_PATH REQUEST_URI PATH_INFO QUERY_STRING HTTP_REFERER ORIGINAL_FULLPATH ORIGINAL_SCRIPT_NAME )
- SANITIZABLE_CONTENT_TYPES =
%w( text/plain application/x-www-form-urlencoded application/json text/javascript )
- URI_ENCODED_CONTENT_TYPES =
%w( application/x-www-form-urlencoded )
Instance Method Summary collapse
- #call(env) ⇒ Object
-
#initialize(app) ⇒ UTF8Sanitizer
constructor
A new instance of UTF8Sanitizer.
- #sanitize(env) ⇒ Object
Constructor Details
#initialize(app) ⇒ UTF8Sanitizer
Returns a new instance of UTF8Sanitizer.
# File 'lib/rack/utf8_sanitizer.rb', line 10
#
# Wraps the downstream Rack application.
#
# @param app [#call] the next application in the stack; #call hands the
#   sanitized env to it
def initialize(app)
  @app = app
end
Instance Method Details
#call(env) ⇒ Object
# File 'lib/rack/utf8_sanitizer.rb', line 14
#
# Rack entry point. The env is passed through #sanitize first, so the wrapped
# application only ever receives the value #sanitize returns.
#
# @param env [Hash] the Rack environment for the request
# @return [Object] whatever the wrapped application returns
def call(env)
  sanitized_env = sanitize(env)
  @app.call(sanitized_env)
end
#sanitize(env) ⇒ Object
# File 'lib/rack/utf8_sanitizer.rb', line 39
#
# Sanitizes the request body and selected entries of the Rack env in place.
#
# The body is handled first by sanitize_rack_input. After that, only two
# groups of keys are rewritten: those listed in URI_FIELDS and those whose
# name starts with "HTTP_". Every other entry (CONTENT_TYPE, for example) is
# left untouched by this loop, so downstream code must not assume it was
# cleaned here.
#
# @param env [Hash] the Rack environment; entries are overwritten in place
# @return [Object] the result of env.each (the same env object for a Hash)
def sanitize(env)
  sanitize_rack_input(env)

  env.each do |name, raw|
    if URI_FIELDS.include?(name)
      # URI-carrying fields go through the URI-encoded sanitizer.
      cleaned = sanitize_uri_encoded_string(raw)
    elsif name.to_s.start_with?("HTTP_")
      # Headers are only sanitized and otherwise kept as UTF-8. UTF-8 has no
      # real business in headers, but valid input is allowed through.
      cleaned = sanitize_string(raw)
    else
      next
    end

    # Only existing keys are reassigned, so no key is added while iterating.
    env[name] = transfer_frozen(raw, cleaned)
  end
end