Module: Loofah::ActiveRecordExtension

Defined in:: lib/loofah/activerecord/active_record.rb

Overview

Loofah can scrub ActiveRecord attributes in a before_validation callback:

# config/initializers/loofah.rb
require 'loofah-activerecord'

# db/schema.rb
create_table "posts" do |t|
  t.string  "title"
  t.string  "body"
end

# app/model/post.rb
class Post < ActiveRecord::Base
  html_fragment :body, :scrub => :prune  # scrubs 'body' in a before_validation
end

Instance Method Summary collapse

#html_document(attr, options = {}) ⇒ Object

:call-seq: model.html_document(attribute, :scrub => scrubber_specification).
#html_fragment(attr, options = {}) ⇒ Object

:call-seq: html_fragment(attribute, :scrub => scrubber_specification).

Instance Method Details

#html_document(attr, options = {}) ⇒ `Object`

:call-seq:

  model.html_document(attribute, :scrub => scrubber_specification)

Scrub an ActiveRecord attribute +attribute+ as an HTML *document*
using the method specified by +scrubber_specification+.

+scrubber_specification+ must be an argument acceptable to Loofah::ScrubBehavior.scrub!, namely:

* a symbol for one of the built-in scrubbers (see Loofah::Scrubbers for a full list)
* or a Scrubber instance.

Raises:

(ArgumentError)

# File 'lib/loofah/activerecord/active_record.rb', line 51

def html_document(attr, options={})
  raise ArgumentError, "html_document requires :scrub option" unless method = options[:scrub]
  before_validation do |record|
    record[attr] = Loofah.scrub_document(record[attr], method).to_s
  end
end

#html_fragment(attr, options = {}) ⇒ `Object`

:call-seq:

  html_fragment(attribute, :scrub => scrubber_specification)

Scrub an ActiveRecord attribute +attribute+ as an HTML *fragment*
using the method specified by +scrubber_specification+.

+scrubber_specification+ must be an argument acceptable to Loofah::ScrubBehavior.scrub!, namely:

* a symbol for one of the built-in scrubbers (see Loofah::Scrubbers for a full list)
* or a Scrubber instance. (see Loofah::Scrubber for help on implementing a custom scrubber)

Raises:

(ArgumentError)

# File 'lib/loofah/activerecord/active_record.rb', line 32

def html_fragment(attr, options={})
  raise ArgumentError, "html_fragment requires :scrub option" unless method = options[:scrub]
  before_validation do |record|
    record[attr] = Loofah.scrub_fragment(record[attr], method).to_s
  end
end

Module: Loofah::ActiveRecordExtension

Overview

Instance Method Summary collapse

Instance Method Details

#html_document(attr, options = {}) ⇒ Object

#html_fragment(attr, options = {}) ⇒ Object

#html_document(attr, options = {}) ⇒ `Object`

#html_fragment(attr, options = {}) ⇒ `Object`