Class: Opener::Webservice::InputSanitizer

Inherits:
Object
Defined in:
lib/opener/webservice/input_sanitizer.rb

Overview

Sanitizes raw Sinatra input and component options.

Instance Method Details

#prepare_parameters(input) ⇒ Hash

Returns a Hash containing cleaned-up pairs based on the input parameters. The keys of the returned Hash are String instances to prevent Symbol DoS attacks.

Parameters:

  • input (Hash)

Returns:

  • (Hash)


# File 'lib/opener/webservice/input_sanitizer.rb', line 15

def prepare_parameters(input)
  sanitized = {}

  input.each do |key, value|
    # Sinatra/Rack uses "on" for checked checkboxes.
    if value == 'true' or value == 'on'
      value = true
    elsif value == 'false'
      value = false
    end

    sanitized[key.to_s] = value
  end

  # Strip empty callback URLs (= default form values).
  if sanitized['callbacks']
    sanitized['callbacks'].reject! { |url| url.nil? || url.empty? }
  end

  if sanitized['error_callback'] and sanitized['error_callback'].empty?
    sanitized.delete('error_callback')
  end

  return sanitized
end

#whitelist_options(input, accepted) ⇒ Hash

Returns a Hash containing the whitelisted options to pass to a component. Since components use Symbols for their options, this Hash uses Symbols for its keys.

Parameters:

  • input (Hash)
  • accepted (Array)

    The accepted parameter names.

Returns:

  • (Hash)


# File 'lib/opener/webservice/input_sanitizer.rb', line 50

def whitelist_options(input, accepted)
  whitelisted = {}

  input.each do |key, value|
    sym_key = key.to_sym

    if accepted.include?(sym_key)
      whitelisted[sym_key] = value
    end
  end

  return whitelisted
end
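
The `whitelist_options` source above calls `key.to_sym` on every incoming key before checking it against `accepted`, so on Ruby versions before 2.2, which never garbage-collect Symbols, unlisted request parameters still become Symbols. As an added example (not the project's code; the method names, option names and sample input are constructed), this variant compares keys as Strings and only returns Symbols taken from the whitelist itself:

```ruby
# Added example; safe_whitelist_options and symbol_interned? are hypothetical
# names, not part of Opener::Webservice.

# Returns the accepted options with Symbol keys. Keys are compared as Strings,
# so a request parameter that is not whitelisted is never turned into a Symbol.
def safe_whitelist_options(input, accepted)
  # Map "name" => :name once, using the trusted whitelist only.
  lookup = accepted.each_with_object({}) { |sym, map| map[sym.to_s] = sym }

  input.each_with_object({}) do |(key, value), whitelisted|
    sym_key = lookup[key.to_s]
    whitelisted[sym_key] = value if sym_key
  end
end

# True when a Symbol with this name currently exists in the process.
def symbol_interned?(name)
  Symbol.all_symbols.any? { |sym| sym.to_s == name }
end

# Constructed sample input, shaped like the output of prepare_parameters.
SAMPLE_INPUT = {
  'language'              => 'en',
  'kaf'                   => true,
  'callbacks'             => ['http://example.com/done'],
  'x_unlisted_param_7c1e' => 'junk'
}.freeze

# Constructed whitelist of component option names.
ACCEPTED = [:language, :kaf].freeze

if __FILE__ == $PROGRAM_NAME
  p safe_whitelist_options(SAMPLE_INPUT, ACCEPTED)
  p symbol_interned?('x_unlisted_param_7c1e')
end
```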