Module: Sanitizable

Extended by:
ActiveSupport::Concern
Included in:
ApplicationSetting, NamespaceSetting
Defined in:
app/models/concerns/sanitizable.rb

Overview

Sanitizable concern

This concern adds HTML sanitization and validation to models. The intention is to help prevent XSS attacks in the event of a bypass of the frontend sanitizer, whether due to a configuration issue or a vulnerability in the sanitizer itself: values are checked again at the model layer, so a payload that slips past the frontend is still rejected before it is persisted. This approach is commonly referred to as defense-in-depth.

Example:

module Dast
  class Profile < ApplicationRecord
    include Sanitizable

    # Sanitize and validate these free-text attributes on the model
    sanitizes! :name, :description
  end
end
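The following is an added example, not GitLab's implementation of the concern: a minimal, Rails-free stand-in (the module `MiniSanitizable`, the class `DemoProfile` and the helper `profile_valid?` are all hypothetical names) that shows the model-layer check the overview describes. It decodes HTML entities first, so that encoded markup cannot hide from the check, and then fails validation if any tag remains in a declared attribute.

```ruby
require 'cgi'

# Added example (not GitLab's code): a plain-Ruby stand-in for the
# Sanitizable concern so the defense-in-depth idea runs without Rails.
module MiniSanitizable
  TAG = /<[^>]*>/ # constructed tag matcher, sufficient for this demo

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    def sanitized_attributes
      @sanitized_attributes ||= []
    end

    # Same declaration shape as the page's `sanitizes! :name, :description`
    def sanitizes!(*attrs)
      attr_accessor(*attrs)
      sanitized_attributes.concat(attrs)
    end
  end

  def errors
    @errors ||= []
  end

  # Normalise each declared attribute by decoding entities, so a value such
  # as "&lt;b&gt;" is seen as "<b>" by the validation step below.
  def sanitize!
    self.class.sanitized_attributes.each do |attr|
      value = public_send(attr)
      next if value.nil?

      public_send("#{attr}=", CGI.unescapeHTML(value))
    end
  end

  # Reject any declared attribute that still contains an HTML tag.
  def valid?
    sanitize!
    errors.clear
    self.class.sanitized_attributes.each do |attr|
      value = public_send(attr)
      next if value.nil?

      errors << "#{attr} cannot contain HTML tags" if value.match?(TAG)
    end
    errors.empty?
  end
end

# Hypothetical model in the shape of the page's Dast::Profile example
# (no database behind it).
class DemoProfile
  include MiniSanitizable
  sanitizes! :name, :description

  def initialize(name:, description: nil)
    @name = name
    @description = description
  end
end

# Convenience wrapper: build a profile from constructed input and validate it.
def profile_valid?(name, description = nil)
  DemoProfile.new(name: name, description: description).valid?
end

if __FILE__ == $PROGRAM_NAME
  puts profile_valid?('Acme scan')                  # true
  puts profile_valid?('<b>Acme</b>')                # false
  puts profile_valid?('&lt;b&gt;Acme&lt;/b&gt;')    # false, entity-encoded tag
end
```

Plain text with a bare ampersand ("Rock & Roll") still passes, because decoding leaves it unchanged and no tag is present; only values that contain markup after decoding are rejected.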