Module: ActiveAdmin::Sanitizer

Extended by:

Sanitizer

Included in:

Sanitizer

Defined in:

lib/active_admin/csv_builder.rb

Overview

Prevents CSV Injection according to owasp.org/www-community/attacks/CSV_Injection

Constant Summary

ATTACK_CHARACTERS =

["=", "+", "-", "@", "\t", "\r"].freeze

Instance Method Summary

• #require_sanitization?(value) ⇒ Boolean
• #sanitize(value) ⇒ Object

Instance Method Details

#require_sanitization?(value) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/active_admin/csv_builder.rb', line 140

def require_sanitization?(value)
  value.is_a?(String) && value.starts_with?(*ATTACK_CHARACTERS)
end

#sanitize(value) ⇒ Object

# File 'lib/active_admin/csv_builder.rb', line 134

def sanitize(value)
  return "'#{value}" if require_sanitization?(value)

  value
end