Class: Rack::UTF8Sanitizer

Inherits:
Object
  • Object
Defined in:
lib/rack/utf8_sanitizer.rb

Defined Under Namespace

Classes: SanitizedRackInput

Constant Summary collapse

# Points the StringIO constant in this scope at the top-level ::StringIO.
StringIO = ::StringIO

# Rack env keys that #sanitize passes through sanitize_uri_encoded_string
# instead of the plain header path. HTTP_REFERER is listed here, so it takes
# the URI branch even though it also carries the "HTTP_" prefix.
URI_FIELDS = %w[
  SCRIPT_NAME
  REQUEST_PATH
  REQUEST_URI
  PATH_INFO
  QUERY_STRING
  HTTP_REFERER
  ORIGINAL_FULLPATH
  ORIGINAL_SCRIPT_NAME
]

# Request body media types considered sanitizable.
# NOTE(review): the code consuming this list is not shown on this page
# (presumably sanitize_rack_input); confirm how bodies with unlisted types,
# e.g. multipart/form-data, are treated before relying on them being clean.
SANITIZABLE_CONTENT_TYPES = %w[
  text/plain
  application/x-www-form-urlencoded
  application/json
  text/javascript
]

# Subset of the media types above whose payload is percent-encoded.
# NOTE(review): consumer not shown on this page; confirm against the caller.
URI_ENCODED_CONTENT_TYPES = %w[
  application/x-www-form-urlencoded
]

Instance Method Summary collapse

Constructor Details

#initialize(app) ⇒ UTF8Sanitizer

Returns a new instance of UTF8Sanitizer.



# File 'lib/rack/utf8_sanitizer.rb', line 10

# Builds the middleware around the next application in the Rack stack.
#
# @param app [#call] downstream Rack application; #call hands it the
#   sanitized env.
def initialize(app)
  # Kept so #call can forward each request once its env has been sanitized.
  @app = app
end

Instance Method Details

#call(env) ⇒ Object



# File 'lib/rack/utf8_sanitizer.rb', line 14

# Rack entry point: sanitizes the request env, then hands it to the wrapped
# application.
#
# @param env [Hash] Rack environment for the current request
# @return [Object] whatever the downstream application returns, unchanged
def call(env)
  # Sanitizing happens before the downstream app sees the env, so anything
  # mounted above this middleware still receives the raw values.
  sanitized_env = sanitize(env)
  @app.call(sanitized_env)
end

#sanitize(env) ⇒ Object



# File 'lib/rack/utf8_sanitizer.rb', line 39

# Sanitizes a Rack env in place.
#
# The request body is handled first by sanitize_rack_input. Each env entry is
# then rewritten according to its key:
#
# * keys listed in URI_FIELDS go through sanitize_uri_encoded_string;
# * any other key whose name starts with "HTTP_" goes through
#   sanitize_string.
#
# Keys matching neither rule are not rewritten by this loop. That includes
# CONTENT_TYPE, which Rack exposes without the "HTTP_" prefix, so downstream
# code should not assume every string in env is valid UTF-8.
#
# @param env [Hash] Rack environment; mutated in place
# @return [Object] the result of env.each (the env itself for a Hash)
def sanitize(env)
  sanitize_rack_input(env)
  env.each do |name, raw|
    cleaned =
      if URI_FIELDS.include?(name)
        # Checked first, so HTTP_REFERER is treated as a URI, not as a
        # plain header.
        sanitize_uri_encoded_string(raw)
      elsif name.to_s.start_with?("HTTP_")
        # Headers are only sanitized and otherwise stay UTF-8: there is no
        # reason for a header to contain UTF-8, but valid UTF-8 is let through.
        sanitize_string(raw)
      else
        next
      end
    # Only existing keys are reassigned, so the hash gains no keys while it
    # is being iterated. transfer_frozen also receives the original value;
    # presumably it carries the frozen state over (helper not shown here).
    env[name] = transfer_frozen(raw, cleaned)
  end
end