Module: MsTools::MsSanitize

Defined in:
lib/ms_tools/sanitize.rb

Defined Under Namespace

Modules: Config

Instance Method Details

#msclean(html, options = {}) ⇒ Object

Returns a sanitized copy of html, using the settings in config if specified.

# File 'lib/ms_tools/sanitize.rb', line 49

def msclean(html, options = {})
  config = options.delete(:config) || {}
  radius = options.delete(:radius) || false
  if radius
    # Rewrite Radius tags <r:... /> as (r:... /) so Sanitize leaves them alone,
    # clean, drop the &#13; entities Sanitize emits for carriage returns,
    # then turn the placeholders back into tags.
    Sanitize.clean(html.gsub(/<r:([a-z0-9 _'"=-]+) \/>/i, '(r:\1 /)'), config).gsub('&#13;', "").gsub(/\(r:([a-z0-9 _'"=-]+) \/\)/i, '<r:\1 />')
  else
    Sanitize.clean(html, config).gsub('&#13;', "")
  end
end

#msclean!(html, options = {}) ⇒ Object

Performs Sanitize.clean! in place, returning html, or nil if no changes were made.

# File 'lib/ms_tools/sanitize.rb', line 61

def msclean!(html, options = {})
  config = options.delete(:config) || {}
  radius = options.delete(:radius) || false
  if radius
    # html.gsub returns a copy, so the Radius placeholders are cleaned on that
    # copy and the result is written back into html to keep the in-place contract.
    protected_html = html.gsub(/<r:([a-z0-9 _'"=-]+) \/>/i, '(r:\1 /)')
    cleaned = Sanitize.clean!(protected_html, config)
    return nil if cleaned.nil? # Sanitize.clean! returns nil when nothing changed
    html.replace(cleaned.gsub('&#13;', "").gsub(/\(r:([a-z0-9 _'"=-]+) \/\)/i, '<r:\1 />'))
  else
    cleaned = Sanitize.clean!(html, config)
    return nil if cleaned.nil? # nothing to change; html is left untouched
    cleaned.gsub!('&#13;', "")
    html
  end
end

#sanitize(html, options = {}) ⇒ Object

Returns a sanitized copy of html, using the settings in config if specified.

# File 'lib/ms_tools/sanitize.rb', line 114

def sanitize(html, options = {})
  msclean(html, options)
end

#sanitize!(html, options = {}) ⇒ Object

Performs Sanitize.clean! in place, returning html, or nil if no changes were made.

# File 'lib/ms_tools/sanitize.rb', line 120

def sanitize!(html, options = {})
  msclean!(html, options)
end

#sanitize_params(params = params) ⇒ Object

A sanitizer before filter that walks all parameters before any processing takes place.

Description

This is based on the sanitize_params plugin written by Jay Laney, updated by Danny Sofer to work with the Sanitizer module that is now part of the Rails core.

The original version of sanitize_params used Rick Olsen’s white_list plugin, but as Rick pointed out some time ago, “I recently just refactored a lot of that code into the html tokenizer library. You can now access the classes directly as HTML::Sanitizer, HTML::LinkSanitizer, and HTML::WhiteListSanitizer.”

Danny Sofer’s version of sanitize_params does exactly that. Otherwise, it is unchanged from Jay’s original code designed for scrubbing your user input clean.

I modified this to work with Ryan Grove’s Sanitize gem which is required by this function.

Usage

in application.rb:

before_filter :sanitize_params

Alternatively, add the filter to your controllers selectively.

Contact

The original sanitize_params plugin was written by Jay Laney and is still available at code.google.com/p/sanitizeparams/

This version was derived from the forked version tweaked by Danny Sofer, which can be found at github.com/sofer/sanitize_params.

# File 'lib/ms_tools/sanitize.rb', line 108

def sanitize_params(params = self.params)
  # Walk the request parameters and scrub every string value (walk_hash is
  # defined elsewhere in this module). The default is written as self.params
  # because a bare `params = params` default refers to the argument itself
  # and yields nil on current Rubies.
  params = walk_hash(params) if params
end
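The two ideas on this page, carrying Radius `<r:... />` tags through a sanitizer pass (msclean / msclean!) and walking a params hash so every string is scrubbed before the controller sees it (sanitize_params), as one stand-alone example. This is added code, not MsTools' own, and it does not depend on the Sanitize gem: `escape_clean` is an assumed escaping stand-in for `Sanitize.clean` (it also encodes carriage returns as `&#13;`, mirroring the entity the page's code strips), `walk_hash` is an assumed implementation of the helper the page's `sanitize_params` calls, and the request parameters are constructed sample data.

```ruby
# Radius-style self-closing tags, e.g. <r:content part="main" />. These are the
# same patterns MsSanitize uses to hide the tags from the sanitizer and restore them.
RADIUS_TAG   = /<r:([a-z0-9 _'"=-]+) \/>/i
RADIUS_TOKEN = /\(r:([a-z0-9 _'"=-]+) \/\)/i

# Stand-in for Sanitize.clean (assumption: escape everything instead of the gem's
# allowlist). Encodes markup characters and, like the gem output MsSanitize
# strips, turns carriage returns into &#13;.
def escape_clean(html)
  html.gsub(/[<>&\r]/, '<' => '&lt;', '>' => '&gt;', '&' => '&amp;', "\r" => '&#13;')
end

# Mirror of msclean: returns a cleaned copy. With radius: true the <r:... />
# tags are rewritten to (r:... /) so the cleaner leaves them alone, then
# rewritten back after cleaning and after the &#13; entities are dropped.
def clean_with_radius(html, radius: false)
  return escape_clean(html).gsub('&#13;', '') unless radius
  protected_html = html.gsub(RADIUS_TAG, '(r:\1 /)')
  escape_clean(protected_html).gsub('&#13;', '').gsub(RADIUS_TOKEN, '<r:\1 />')
end

# Mirror of msclean!: modifies html in place and returns it, or nil when the
# cleaner changed nothing (the contract documented for the ! variants).
def clean_in_place!(html, radius: false)
  cleaned = clean_with_radius(html, radius: radius)
  return nil if cleaned == html
  html.replace(cleaned)
end

# Assumed walk_hash: every String inside nested Hashes and Arrays is replaced
# by the cleaner's result, in place; non-string scalars pass through untouched.
def walk_hash(obj, &cleaner)
  case obj
  when Hash   then obj.each_key { |k| obj[k] = walk_hash(obj[k], &cleaner) }
  when Array  then obj.map! { |v| walk_hash(v, &cleaner) }
  when String then cleaner.call(obj)
  else obj
  end
end

# What a sanitize_params-style before filter does with the request parameters.
def sanitize_params_example(params, radius: false)
  walk_hash(params) { |s| clean_with_radius(s, radius: radius) }
end

# Constructed sample request parameters (a fresh, mutable copy on every call).
def sample_params
  {
    'post' => {
      'title' => 'Hello <script>alert(1)</script>',
      'body'  => "Line one\r\n<r:content part=\"main\" /> <b>bold</b>",
      'tags'  => ['<i>ruby</i>', 'rails']
    },
    'page' => 2
  }
end

if $PROGRAM_NAME == __FILE__
  puts sanitize_params_example(sample_params, radius: true).inspect
end
```

Running it shows the script tag in `title` and the `<b>` in `body` escaped while `<r:content part="main" />` survives the round trip and the integer `page` is untouched. One caveat a reviewer should keep in mind, visible in the page's own regexes: the restore pass cannot tell placeholders it created from literal `(r:... /)` text that was already in the input, so with the radius option on, such text comes out as a Radius tag; enable radius only for content whose author is allowed to write Radius tags.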