Module: Loofah::XssFoliate::InstanceMethods

Defined in:
lib/loofah/activerecord/xss_foliate.rb


Instance Method Details

#xss_foliate_fields ⇒ Object

:nodoc:



# File 'lib/loofah/activerecord/xss_foliate.rb', line 214

# Scrub every :string / :text column of this record in place: each value
# is run through Loofah's :strip scrubber and replaced by the plain text
# that remains. Does nothing when xss_foliate_options is nil. A field is
# left alone when it is listed under xss_foliate_options[:except] or when
# xss_foliated_with_standard_scrubber(field) is true. Fields for which
# xss_foliate_is_unencoded(field) is true get their text back with
# encode_special_chars: false (presumably escaped at render time — verify).
def xss_foliate_fields # :nodoc:
  # Models loaded before the plugin (e.g. Rails' internal
  # CGI::Sessions::ActiveRecordStore::Session) have no options configured;
  # leave them untouched instead of failing on a nil hash.
  return if xss_foliate_options.nil?

  textual_types = [:string, :text]

  self.class.columns.each do |column|
    next unless textual_types.include?(column.type)

    name = column.name.to_sym
    raw = self[name]

    next unless raw.is_a?(String)
    next if xss_foliate_options[:except].include?(name)
    next if xss_foliated_with_standard_scrubber(name)

    # Only fields that reach this point get the default :text treatment:
    # strip all markup, then keep the textual content.
    scrubbed = Loofah.scrub_fragment(raw, :strip)

    text_options = {}
    text_options[:encode_special_chars] = false if xss_foliate_is_unencoded(name)

    self[name] = if scrubbed.nil?
                   ""
                 else
                   scrubbed.text(text_options)
                 end
  end
end