Module: Sanitizable
- Extended by:
- ActiveSupport::Concern
- Included in:
- ApplicationSetting, NamespaceSetting
- Defined in:
- app/models/concerns/sanitizable.rb
Overview
Sanitizable concern
This concern adds HTML sanitization and validation to models. The intention is to help prevent XSS attacks in the event of a bypass of the frontend sanitizer, whether due to a configuration issue or a vulnerability in the sanitizer itself. This approach is commonly referred to as defense-in-depth: the backend strips and rejects HTML independently of what the frontend did.
Example:
module Dast
  class Profile < ApplicationRecord
    include Sanitizable

    # Sanitize these attributes before validation and reject any HTML that survives.
    sanitizes! :name, :description
  end
end
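The following is an added, self-contained illustration of the pattern the concern implements (sanitize before validation, then validate that no markup or escaped entities survived); it is not GitLab's code, runs without Rails, and the tag-stripping regex, the `errors`/`valid?` helpers and the `Profile` class are assumptions standing in for ActiveModel and a real sanitizer library.

```ruby
require 'cgi'

# Plain-Ruby stand-in for the Rails concern: no ActiveSupport, no database.
module Sanitizable
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    def sanitized_attributes
      @sanitized_attributes ||= []
    end

    # Declare attributes that are sanitized before validation and then
    # validated so that values carrying escaped markup are rejected.
    def sanitizes!(*attrs)
      sanitized_attributes.concat(attrs)
      attr_accessor(*attrs)
    end
  end

  # Placeholder sanitizer (assumption): strips anything tag-shaped.
  # Real code should use a proper HTML sanitizer library instead of a regex.
  def sanitize_html(value)
    value.gsub(/<[^>]*>/, '')
  end

  def errors
    @errors ||= []
  end

  # Layer 1: sanitize. Layer 2: reject escaped entities, since a later
  # unescape (e.g. by a template) would turn them back into live markup.
  def valid?
    errors.clear
    self.class.sanitized_attributes.each do |attr|
      value = public_send(attr)
      next if value.nil?

      cleaned = sanitize_html(value)
      public_send("#{attr}=", cleaned)
      errors << "#{attr} cannot contain escaped HTML entities" if CGI.unescapeHTML(cleaned) != cleaned
    end
    errors.empty?
  end
end

# Hypothetical model using the macro exactly as in the example above.
class Profile
  include Sanitizable
  sanitizes! :name, :description

  def initialize(name:, description: nil)
    @name = name
    @description = description
  end
end
```

Note that a frontend bypass delivering `<script>` is neutralised by the first layer, while an already-encoded payload such as `&lt;script&gt;` is caught by the second.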