Class: HtmlSafetyValidator
- Inherits: ActiveModel::EachValidator
  - Object
    - ActiveModel::EachValidator
      - HtmlSafetyValidator
- Defined in: app/validators/html_safety_validator.rb
Overview
HtmlSafetyValidator
Validates that a value does not contain HTML or other unsafe content that could lead to XSS. Relies on Rails HTML Sanitizer: github.com/rails/rails-html-sanitizer
Example:
class Group < ActiveRecord::Base
  validates :name, presence: true, html_safety: true
end
Class Method Details
.error_message ⇒ Object
# File 'app/validators/html_safety_validator.rb', line 23
def self.error_message
  _("cannot contain HTML/XML tags, including any word between angle brackets (<,>).")
end
Instance Method Details
#validate_each(record, attribute, value) ⇒ Object
# File 'app/validators/html_safety_validator.rb', line 17
def validate_each(record, attribute, value)
  return if value.blank? || safe_value?(value)

  record.errors.add(attribute, self.class.error_message)
end
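The check documented above, exercised on sample values. This is an added example, not the code in app/validators/html_safety_validator.rb: the body of safe_value? is not shown on this page, so it is assumed here to mean "stripping markup leaves the value unchanged", and a simplified regex stands in for Rails HTML Sanitizer so the block runs without Rails. HtmlSafetySketch, SketchErrors, SketchRecord, rejected_names and the sample names are hypothetical.

```ruby
# Added illustration, not the code in app/validators/html_safety_validator.rb.
# Assumption: safe_value? means "stripping markup leaves the value unchanged".
# TAG_PATTERN is a simplified stand-in for Rails HTML Sanitizer (no Rails needed).
TAG_PATTERN = /<[^<>]*>/
ERROR_MESSAGE = "cannot contain HTML/XML tags, including any word between angle brackets (<,>)."

# Hypothetical stand-in for a model's errors collection.
class SketchErrors
  attr_reader :messages
  def initialize
    @messages = Hash.new { |hash, key| hash[key] = [] }
  end

  def add(attribute, message)
    @messages[attribute] << message
  end
end

SketchRecord = Struct.new(:errors)

class HtmlSafetySketch
  # Same control flow as the documented validate_each: blank and safe
  # values pass silently, anything else gets an error on the attribute.
  def validate_each(record, attribute, value)
    return if value.nil? || value.strip.empty? || safe_value?(value)

    record.errors.add(attribute, ERROR_MESSAGE)
  end

  private

  def safe_value?(value)
    value.gsub(TAG_PATTERN, "") == value
  end
end

# Returns the subset of values that the sketch rejects.
def rejected_names(values)
  validator = HtmlSafetySketch.new
  values.select do |value|
    record = SketchRecord.new(SketchErrors.new)
    validator.validate_each(record, :name, value)
    record.errors.messages.key?(:name)
  end
end

# Constructed sample inputs.
SAMPLES = [nil, "  ", "Platform Team", "<script>alert(1)</script>",
           "Ops <b>EU</b>", "team <placeholder>"].freeze
```

Calling rejected_names(SAMPLES) returns the three values containing angle-bracketed words; nil and whitespace-only values are skipped, which is why the usage example pairs html_safety with presence: true.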