GitHub - chebyte/simple_sanitizer_html: a simple plugin for rails for escape html into model after save records

chebyte / simple_sanitizer_html Public

Notifications You must be signed in to change notification settings
Fork 0
Star 3

a simple plugin for rails for escape html into model after save records

www.chebyte.com.ar

MIT license

3 stars 0 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
lib		lib
tasks		tasks
test		test
MIT-LICENSE		MIT-LICENSE
README		README
Rakefile		Rakefile
init.rb		init.rb
install.rb		install.rb
uninstall.rb		uninstall.rb

Repository files navigation

SimpleSanitizerHtml
===================

SimpleSanitizerHtml is a small plugin for Rails for escape html into the model after save records.


Example
=======

For example you have the following model

# ruby script/generate model Post title:string copy:text

class Post
 simple_sanitizer_html
 
end

so, if you add a post like that

$ ruby script/console 
Loading development environment (Rails 2.3.2)
p >> p = Post.new
=> #<Post id: nil, title: nil, copy: nil, created_at: nil, updated_at: nil>
>> p.title = "<script>alert('hi tuquito')</script>"
=> "<script>alert('hi tuquito')</script>"
>> p.save
=> true
>> p.title
=> "&lt;script&gt;alert(&#39;hi tuquito&#39;)&lt;/script&gt;"
>> 


this plugin can be useful for prevent XSS Injection or styles attacks

Copyright (c) 2009 [chebyte - http://www.chebyte.com.ar], released under the MIT license