TextSanitizer
I found myself repeating the same text formatting methods over multiple models and realized this wasn't dry, so I made a plugin.
This plugin is useful if you:
- have (untrusted) users create objects with text fields on your website
- like to have consistently formatted data in your DB
- are going to display the text fields as is (or with .html_safe) in your app and want to make it safer (this uses the Sanitize gem by Ryan Grove)
How to use
Install as a gem with:
gem 'text_sanitizer'
In the model where you want to format data:
class Post < ActiveRecord::Base
attr_accessible :name, :body, :email
sanitize_text :body
downcase_text :email
capitalize_text :name
end
This will convert:
- sanitize_text:
<script>body!</script>
intobody!
- downcase_text:
[email protected]
into[email protected]
- capitalize_text:
john SMITH
intoJohn Smith
Custom sanitizers
You can also add your own sanitizers. To do so, use the following syntax in your model:
register_sanitizer :method, :callback
So for instance, to add a sanitizer called upcase:
register_sanitizer :upcase, :before_save
upcase_text :title, :name
private
def upcase text
text.upcase
end
Or you can also use the shorthand:
register_sanitizer :upcase, :before_save, :title, :name
This is basically equivalent to having the following in your model:
before_save :upcase_text
def upcase_text
[:name, :title].each do |text_field|
self.send "#{text_field}#", read_attribute(text_field).upcase
end
end
You should consider whether the saving in verbose is worth it for you. It should be if you repeat this pattern often.
If you want to be able to use your new sanitizer in all models, create a new file in lib/ and paste the following:
register_sanitizer :upcase, :before_save
private
def upcase text
text.upcase
end
Now you'll just need to call upcase_text :title
from your model.