SimpleSanitizerHtml
===================
SimpleSanitizerHtml is a small Rails plugin that escapes the HTML in a model's attributes after the record is saved.
Example
=======
For example, you have the following model (generated with `ruby script/generate model Post title:string copy:text`), with the plugin's class macro called inside it:

  class Post < ActiveRecord::Base
    simple_sanitizer_html
  end
So, if you add a post like this:

  $ ruby script/console
  Loading development environment (Rails 2.3.2)
  >> p = Post.new
  => #<Post id: nil, title: nil, copy: nil, created_at: nil, updated_at: nil>
  >> p.title = "<script>alert('hi tuquito')</script>"
  => "<script>alert('hi tuquito')</script>"
  >> p.save
  => true
  >> p.title
  => "<script>alert('hi tuquito')</script>"
  >>
This plugin can be useful for preventing XSS injection or style (CSS) attacks.
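The following is an added, self-contained illustration of the idea behind the plugin; it is not the plugin's own code. It replaces ActiveRecord with a tiny hypothetical `TinyModel` class that stores attributes in a hash and runs after-save hooks, and reimplements the `simple_sanitizer_html` macro on top of it using Ruby's standard `CGI.escapeHTML`. It also shows a caveat a practitioner should know about escape-on-save: because the hook runs on every save, saving the same record twice escapes the already-escaped text again (`&lt;` becomes `&amp;lt;`), so data stored this way must not be escaped a second time in the view.

```ruby
require "cgi"

# Hypothetical stand-in for an ActiveRecord model (constructed for this
# example): attributes live in a hash and `save` runs after-save hooks.
class TinyModel
  def self.after_save_hooks
    @after_save_hooks ||= []
  end

  # Register a block to run after every save of this class's records.
  def self.after_save(&block)
    after_save_hooks << block
  end

  # Define reader/writer pairs backed by the attributes hash.
  def self.string_attribute(*names)
    names.each do |name|
      define_method(name) { @attributes[name] }
      define_method("#{name}=") { |v| @attributes[name] = v }
    end
  end

  attr_reader :attributes

  def initialize
    @attributes = {}
  end

  # Pretend the row was written, then run the after-save hooks.
  def save
    self.class.after_save_hooks.each { |hook| instance_exec(&hook) }
    true
  end
end

# Reimplementation (not the plugin's code) of the `simple_sanitizer_html`
# macro: after save, escape &, <, >, " and ' in every String attribute.
module SimpleSanitizerHtml
  def simple_sanitizer_html
    after_save do
      attributes.keys.each do |name|
        value = attributes[name]
        attributes[name] = CGI.escapeHTML(value) if value.is_a?(String)
      end
    end
  end
end

class Post < TinyModel
  extend SimpleSanitizerHtml
  string_attribute :title, :copy
  simple_sanitizer_html
end

# The payload from the README's console session, saved once.
def sanitized_post_title
  p = Post.new
  p.title = "<script>alert('hi tuquito')</script>"
  p.save
  p.title
end

# Caveat: a second save re-escapes the stored text (double escaping).
def title_after_second_save
  p = Post.new
  p.title = "<script>alert('hi tuquito')</script>"
  p.save
  p.save
  p.title
end

if $PROGRAM_NAME == __FILE__
  puts sanitized_post_title
  puts title_after_second_save
end
```

Run it with `ruby simple_sanitizer_example.rb`: the first line printed is the escaped title, the second shows the double-escaped form produced by saving again. Escaping at output time (as Rails' `h` helper does) avoids this accumulation, which is why escape-on-save is usually combined with care in the views rather than used alone.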
Copyright (c) 2009 [chebyte - http://www.chebyte.com.ar], released under the MIT license