dm-sanitizer

Description:

This package lets DataMapper properties be easily sanitized using Sanitize.

Features and problems:

Features

  • Sanitize String and Text properties by default (configurable)

  • Per property sanitization modes

  • User defined sanitization modes

problems

  • None known. Contact me if you find them.

Synopsis:

require 'rubygems'
require 'dm-core'
require 'dm-migrations'
require 'dm-sanitizer'

DataMapper.setup(:default, 'sqlite3::memory:')

class SomeModel
  include DataMapper::Resource

  property :id,     Serial
  property :title,  String
  property :story,  Text
end
SomeModel.auto_migrate!

obj = SomeModel.new
obj.title = '<h1>Hi there</h1>'
obj.story = '<em>Some sanitization <strong>needed</strong></em>'
obj.save
puts obj.title == 'Hi there'
puts obj.story == 'Some sanitization needed'

class SomeOtherModel
  include DataMapper::Resource
  sanitize :default_mode => :basic, :modes => {:restricted => :title}, :exclude => [:junk]

  property :id,     Serial
  property :title,  String
  property :story,  Text
  property :junk,   Text
end
SomeOtherModel.auto_migrate!

obj = SomeOtherModel.new
obj.title = '<h1><strong>Hi</strong> <a href="#">there</a></h1>'
obj.story = '<h3><a href="#">Scince</a> knows many gitiks</h3>'
obj.junk  = '<script>alert("xss")</script>'
obj.save

puts obj.title == '<strong>Hi</strong> there'
puts obj.story == '<a href="#" rel="nofollow">Scince</a> knows many gitiks'
puts obj.junk  == '<script>alert("xss")</script>'

Requirements:

  • DataMapper (dm-core)

  • Sanitize (sanitize)

Installation:

sudo gem install dm-sanitizer

License

(The MIT License)

Copyright © 2009 Sergei Zimakov

See LICENSE for details.