Revision 1, 1.2 kB
(checked in by al..@al3x.net, 1 year ago)

initial commit
= Acts As Sanitized

Cleans up text data before it hits your database and, eventually, your users.
The goal is to reduce Cross-Site Scripting (XSS) attacks. Install and forget.

The plugin can figure out which fields it needs to sanitize, or you can
specify fields manually. The former is highly recommended. Schemas change.

== Usage

If you'd like the plugin to figure out which fields to sanitize:

  class Comment < ActiveRecord::Base
    acts_as_sanitized
  end

If you'd like to specify the fields to sanitize:

  class Entry < ActiveRecord::Base
    acts_as_sanitized :fields => [ :title, :body ]
  end

If you'd like to strip all HTML tags, not just script and form:

  class Review < ActiveRecord::Base
    acts_as_sanitized :strip_tags => true
  end

If you'd like to use all the fancy options at once:

  class Message < ActiveRecord::Base
    acts_as_sanitized :fields => [ :content ], :strip_tags => true
  end

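To make the four usage modes above concrete without a Rails install, here is an added, self-contained Ruby stand-in that is not the plugin's own code. It assumes (as the README implies but does not spell out) that the default mode removes +script+ and +form+ elements together with their contents, that +:strip_tags => true+ removes every tag, and that omitting +:fields+ sanitizes every String attribute. +ActsAsSanitized+, +FakeRecord+ and +sanitize_demo+ are hypothetical names; the sample records are constructed input.

```ruby
# Added example, not code from the acts_as_sanitized plugin: a Rails-free
# stand-in for the behaviour its README describes. Assumptions: default mode
# drops <script>/<form> elements with their bodies, :strip_tags => true drops
# every tag, and without :fields every String attribute is sanitized.
module ActsAsSanitized
  DANGEROUS_ELEMENTS = %w[script form].freeze
  DEFAULTS = { :fields => nil, :strip_tags => false }.freeze

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Mirrors the README's class-level macro; options are kept per model class.
    def acts_as_sanitized(options = {})
      @sanitize_options = DEFAULTS.merge(options)
    end

    def sanitize_options
      @sanitize_options || DEFAULTS
    end
  end

  # Default mode: remove <script>/<form> elements including their bodies,
  # then any unmatched opening or closing tags of those names.
  def self.remove_dangerous(text)
    DANGEROUS_ELEMENTS.inject(text) do |acc, name|
      acc.gsub(/<#{name}\b[^>]*>.*?<\/#{name}\s*>/mi, '')
         .gsub(/<\/?#{name}\b[^>]*>/mi, '')
    end
  end

  # :strip_tags => true mode: remove every tag, keep the text between them.
  def self.strip_all_tags(text)
    text.gsub(/<[^>]*>/m, '')
  end

  # Run from the save hook: sanitize the chosen fields in place.
  def sanitize_fields!
    opts = self.class.sanitize_options
    names = opts[:fields] || attributes.keys.select { |k| attributes[k].is_a?(String) }
    names.each do |name|
      value = attributes[name.to_s]
      next unless value.is_a?(String)
      attributes[name.to_s] =
        opts[:strip_tags] ? ActsAsSanitized.strip_all_tags(value) : ActsAsSanitized.remove_dangerous(value)
    end
    self
  end
end

# Hypothetical stand-in for ActiveRecord::Base: an attributes hash plus a
# save that runs the sanitizer before the row would be written.
class FakeRecord
  include ActsAsSanitized
  attr_reader :attributes

  def initialize(attrs = {})
    @attributes = attrs.each_with_object({}) { |(k, v), h| h[k.to_s] = v }
  end

  def save
    sanitize_fields!
    true
  end

  def [](name)
    @attributes[name.to_s]
  end
end

# The four models from the README, declared exactly as there.
class Comment < FakeRecord; acts_as_sanitized; end
class Entry   < FakeRecord; acts_as_sanitized :fields => [:title, :body]; end
class Review  < FakeRecord; acts_as_sanitized :strip_tags => true; end
class Message < FakeRecord; acts_as_sanitized :fields => [:content], :strip_tags => true; end

# Constructed sample input; each record is saved and its fields returned.
def sanitize_demo
  comment = Comment.new(:body => 'Nice post! <script>alert(1)</script> <b>thanks</b>')
  entry   = Entry.new(:title  => '<script src="x"></script>Hello',
                      :body   => "<form action=\"/x\">\n<input name=\"q\">\n</form>text",
                      :author => '<script>1</script>Bob')
  review  = Review.new(:body => '<b>bold</b> <script>alert(1)</script>')
  message = Message.new(:content => '<i>hi</i>', :subject => '<b>s</b>')
  [comment, entry, review, message].each(&:save)
  {
    :comment_body    => comment[:body],
    :entry_title     => entry[:title],
    :entry_body      => entry[:body],
    :entry_author    => entry[:author],     # not in :fields, so left untouched
    :review_body     => review[:body],
    :message_content => message[:content],
    :message_subject => message[:subject]   # not in :fields, so left untouched
  }
end
```

Running +sanitize_demo+ shows the practical difference between the modes: the default keeps harmless markup such as +<b>+ while dropping the script and form elements, +:strip_tags+ leaves only text, and any field outside an explicit +:fields+ list is stored exactly as submitted. Because the default mode leaves other markup in place, output escaping in the view is still needed; the plugin reduces stored attack surface, it does not replace rendering-time escaping.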
== Known Issues

- 12 Jan 2007: test schema is generated twice when running tests. Not harmful.

== Credits

Written by Alex Payne of http://www.al3x.net.

Much was learned from reading Chris Wanstrath's acts_as_textiled and the Rails
core team's acts_as_taggable.