This package lets DataMapper properties be easily sanitized using Sanitize.
Features:

- Sanitize String and Text properties by default (configurable)
- Per property sanitization modes
- User defined sanitization modes

Known problems:

- None known. Contact me if you find them.
Synopsis:

  require 'rubygems'
  require 'dm-core'
  require 'dm-migrations'
  require 'dm-sanitizer'

  DataMapper.setup(:default, 'sqlite3::memory:')

  # With no options, String and Text properties are sanitized on save using
  # Sanitize's default configuration, which strips every tag.
  class SomeModel
    include DataMapper::Resource

    property :id,    Serial
    property :title, String
    property :story, Text
  end

  SomeModel.auto_migrate!

  obj = SomeModel.new
  obj.title = '<h1>Hi there</h1>'
  obj.story = '<em>Some sanitization <strong>needed</strong></em>'
  obj.save

  puts obj.title == 'Hi there'
  puts obj.story == 'Some sanitization needed'

  # Per-property modes: :title uses Sanitize's :restricted config, every other
  # String/Text property falls back to :basic, and :junk is not touched at all.
  class SomeOtherModel
    include DataMapper::Resource

    sanitize :default_mode => :basic, :modes => {:restricted => :title}, :exclude => [:junk]

    property :id,    Serial
    property :title, String
    property :story, Text
    property :junk,  Text
  end

  SomeOtherModel.auto_migrate!

  obj = SomeOtherModel.new
  obj.title = '<h1><strong>Hi</strong> <a href="#">there</a></h1>'
  obj.story = '<h3><a href="#">Scince</a> knows many gitiks</h3>'
  obj.junk  = '<script>alert("xss")</script>'
  obj.save

  puts obj.title == '<strong>Hi</strong> there'
  puts obj.story == '<a href="#" rel="nofollow">Scince</a> knows many gitiks'
  puts obj.junk  == '<script>alert("xss")</script>'
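The following is an added example, not dm-sanitizer's own code, showing how the three options used in the synopsis (:default_mode, :modes and :exclude) resolve to a sanitization mode per property and how that mode is then handed to a sanitizing engine before the attributes are stored. The PropertySanitizer class and its method names are hypothetical; the engine defaults to plain HTML escaping via Ruby's CGI so the block runs without any gem installed, and sanitize_gem_engine shows the assumed hook-up to the real Sanitize gem (it assumes a Sanitize version that exposes Sanitize.fragment and the built-in Sanitize::Config::DEFAULT, RESTRICTED and BASIC configs).

```ruby
require 'cgi'

# Added example, not dm-sanitizer's own code: models the option resolution
# shown in the synopsis (:default_mode, :modes, :exclude) and applies a
# pluggable sanitizing engine to String attributes before they are stored.
class PropertySanitizer
  # modes:   { mode_name => property or [properties] }, as in the synopsis
  # exclude: properties that bypass sanitization entirely
  # engine:  callable (html, mode) -> sanitized string; defaults to full
  #          HTML escaping via CGI so the example runs without the gem
  def initialize(default_mode: :default, modes: {}, exclude: [], engine: nil)
    @default_mode = default_mode
    @exclude = exclude.map(&:to_sym)
    @property_modes = {}
    modes.each do |mode, props|
      Array(props).each { |prop| @property_modes[prop.to_sym] = mode }
    end
    @engine = engine || method(:escape_everything)
  end

  # nil means "do not touch this property" (it is excluded).
  def mode_for(property)
    property = property.to_sym
    return nil if @exclude.include?(property)
    @property_modes.fetch(property, @default_mode)
  end

  # Returns a new hash; non-String values (Serial ids, dates) pass through,
  # excluded properties are copied verbatim.
  def sanitize_attributes(attributes)
    attributes.each_with_object({}) do |(name, value), out|
      mode = mode_for(name)
      out[name] = if mode.nil? || !value.is_a?(String)
                    value
                  else
                    @engine.call(value, mode)
                  end
    end
  end

  private

  # Fallback engine: no allowlist at all, every tag is neutralised by escaping.
  def escape_everything(html, _mode)
    CGI.escapeHTML(html)
  end
end

# Engine that delegates to the real Sanitize gem (assumes a version that
# exposes Sanitize.fragment). Mode names map onto the gem's built-in configs,
# e.g. :basic -> Sanitize::Config::BASIC, :default -> Sanitize::Config::DEFAULT.
def sanitize_gem_engine
  require 'sanitize'
  lambda do |html, mode|
    Sanitize.fragment(html, Sanitize::Config.const_get(mode.to_s.upcase))
  end
end

if $PROGRAM_NAME == __FILE__
  # Same options as SomeOtherModel in the synopsis; constructed sample input.
  s = PropertySanitizer.new(default_mode: :basic,
                            modes: { restricted: :title },
                            exclude: [:junk])
  attrs = { id: 1,
            title: '<h1><strong>Hi</strong> <a href="#">there</a></h1>',
            junk:  '<script>alert("xss")</script>' }
  p s.sanitize_attributes(attrs)
end
```

Note what :exclude means in practice: an excluded property such as :junk reaches the database exactly as submitted, markup and all, so anything rendering it later must escape it on output. Excluding a property is a statement that sanitization happens elsewhere, not that the field is safe.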
Requirements:

- DataMapper (dm-core)
- Sanitize (sanitize)

Installation:

  sudo gem install dm-sanitizer

License:
(The MIT License)
Copyright © 2009 Sergei Zimakov
See LICENSE for details.