dm-sanitizer
Description:
This package lets DataMapper properties be easily sanitized using Sanitize.
Features and problems:
Features
- Sanitize String and Text properties by default (configurable)
- Per property sanitization modes
- User defined sanitization modes
Problems
- None known. Contact me if you find them.
Synopsis:
    require 'rubygems'
    require 'dm-core'
    require 'dm-migrations'
    require 'dm-sanitizer'

    DataMapper.setup(:default, 'sqlite3::memory:')

    # With no configuration, String and Text properties are sanitized
    # and all markup is stripped.
    class SomeModel
      include DataMapper::Resource
      property :id, Serial
      property :title, String
      property :story, Text
    end
    SomeModel.auto_migrate!

    obj = SomeModel.new
    obj.title = '<h1>Hi there</h1>'
    obj.story = '<em>Some sanitization <strong>needed</strong></em>'
    obj.save
    puts obj.title == 'Hi there'
    puts obj.story == 'Some sanitization needed'

    # Per-model configuration: :basic is the default mode, :title uses
    # the :restricted mode, and :junk is excluded from sanitization.
    class SomeOtherModel
      include DataMapper::Resource
      sanitize :default_mode => :basic, :modes => {:restricted => :title}, :exclude => [:junk]
      property :id, Serial
      property :title, String
      property :story, Text
      property :junk, Text
    end
    SomeOtherModel.auto_migrate!

    obj = SomeOtherModel.new
    obj.title = '<h1><strong>Hi</strong> <a href="#">there</a></h1>'
    obj.story = '<h3><a href="#">Scince</a> knows many gitiks</h3>'
    obj.junk = '<script>alert("xss")</script>'
    obj.save
    puts obj.title == '<strong>Hi</strong> there'
    puts obj.story == '<a href="#" rel="nofollow">Scince</a> knows many gitiks'
    # :junk is excluded, so its markup is stored exactly as assigned.
    puts obj.junk == '<script>alert("xss")</script>'
Requirements:
- DataMapper (dm-core)
- Sanitize (sanitize)
Installation:
    sudo gem install dm-sanitizer
License
(The MIT License)
Copyright © 2009 Sergei Zimakov
See LICENSE for details.