Class: HtmlSafetyValidator

Inherits: ActiveModel::EachValidator (Object)
Defined in: app/validators/html_safety_validator.rb

Overview

HtmlSafetyValidator

Validates that a value does not contain HTML or other unsafe content that could lead to XSS. Relies on Rails HTML Sanitizer: github.com/rails/rails-html-sanitizer. Blank values are not checked by this validator, so pair it with presence: true when the attribute is required (as in the example below).

Example:

class Group < ActiveRecord::Base
  validates :name, presence: true, html_safety: true
end

Class Method Summary

  .error_message ⇒ Object

Instance Method Summary

  #validate_each(record, attribute, value) ⇒ Object

Class Method Details

.error_message ⇒ Object



# File 'app/validators/html_safety_validator.rb', line 23

# Message added to the record's errors for an unsafe value. _() marks the
# string for gettext translation; the angle brackets are written as HTML
# entities because the message is rendered in HTML.
def self.error_message
  _("cannot contain HTML/XML tags, including any word between angle brackets (&lt;,&gt;).")
end

Instance Method Details

#validate_each(record, attribute, value) ⇒ Object



# File 'app/validators/html_safety_validator.rb', line 17

def validate_each(record, attribute, value)
  # Blank values are skipped here (use presence: true to require a value).
  # safe_value? is a private helper not listed on this page.
  return if value.blank? || safe_value?(value)

  record.errors.add(attribute, self.class.error_message)
end