Module: Loofah::ActiveRecordExtension
- Defined in:
- lib/loofah/activerecord/active_record.rb
Overview
Loofah can scrub ActiveRecord attributes in a before_validation callback:
# config/initializers/loofah.rb
require 'loofah-activerecord'
# db/schema.rb
create_table "posts" do |t|
t.string "title"
t.string "body"
end
# app/model/post.rb
class Post < ActiveRecord::Base
html_fragment :body, :scrub => :prune # scrubs 'body' in a before_validation
end
Instance Method Summary collapse
-
#html_document(attr, options = {}) ⇒ Object
:call-seq: model.html_document(attribute, :scrub => scrubber_specification).
-
#html_fragment(attr, options = {}) ⇒ Object
:call-seq: html_fragment(attribute, :scrub => scrubber_specification).
Instance Method Details
#html_document(attr, options = {}) ⇒ Object
:call-seq:
model.html_document(attribute, :scrub => scrubber_specification)
Scrub an ActiveRecord attribute +attribute+ as an HTML *document*
using the method specified by +scrubber_specification+.
+scrubber_specification+ must be an argument acceptable to Loofah::ScrubBehavior.scrub!, namely:
* a symbol for one of the built-in scrubbers (see Loofah::Scrubbers for a full list)
* or a Scrubber instance.
51 52 53 54 55 56 |
# File 'lib/loofah/activerecord/active_record.rb', line 51 def html_document(attr, ={}) raise ArgumentError, "html_document requires :scrub option" unless method = [:scrub] before_validation do |record| record[attr] = Loofah.scrub_document(record[attr], method).to_s end end |
#html_fragment(attr, options = {}) ⇒ Object
:call-seq:
html_fragment(attribute, :scrub => scrubber_specification)
Scrub an ActiveRecord attribute +attribute+ as an HTML *fragment*
using the method specified by +scrubber_specification+.
+scrubber_specification+ must be an argument acceptable to Loofah::ScrubBehavior.scrub!, namely:
* a symbol for one of the built-in scrubbers (see Loofah::Scrubbers for a full list)
* or a Scrubber instance. (see Loofah::Scrubber for help on implementing a custom scrubber)
32 33 34 35 36 37 |
# File 'lib/loofah/activerecord/active_record.rb', line 32 def html_fragment(attr, ={}) raise ArgumentError, "html_fragment requires :scrub option" unless method = [:scrub] before_validation do |record| record[attr] = Loofah.scrub_fragment(record[attr], method).to_s end end |