Module: Sanitizable

Extended by:
ActiveSupport::Concern
Included in:
ApplicationSetting, NamespaceSetting, UserDetail
Defined in:
app/models/concerns/sanitizable.rb

Overview

Sanitizable concern

This concern adds HTML sanitization and validation to models. It is intended to help prevent XSS in the event that the frontend sanitizer is bypassed, whether through a configuration issue or a vulnerability in the sanitizer itself: the model layer sanitizes the value again and then validates that no HTML survived, so a single failure on the client side is not enough to store a payload. This approach is commonly referred to as defense in depth.

Example:

module Dast
  class Profile < ApplicationRecord
    include Sanitizable

    # Sanitize name and description on every validation
    sanitizes! :name, :description

    # Conditional sanitization: options are passed through to
    # before_validation and validates_each callbacks.
    # Supports :if and :unless options for conditional execution.
    sanitizes! :target_url, if: -> { should_sanitize? }
  end
end
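The following is an added, dependency-free illustration of the sanitize-then-validate pattern the overview describes; it is not GitLab's Sanitizable implementation and does not use ActiveRecord. The module name MiniSanitizable, the plain-Ruby Profile class, the sanitize_target_url flag and the regular expressions are assumptions made for the example. The point it demonstrates is why the second step matters: the sanitizer and the validator are independent, so input that the (deliberately simple) tag stripper misses, such as an unterminated "<script" or a double-encoded "&amp;lt;", is still rejected at validation time instead of being persisted.

```ruby
require 'cgi'

# Stand-in for a Sanitizable-style concern (illustration only, not GitLab code).
module MiniSanitizable
  # Rough tag matcher: an opening or closing tag that ends with '>'.
  # Kept simple on purpose so the validator below has something to catch.
  TAG_RE = /<\/?[a-z][^>]*>/i
  # Residue the sanitizer should have removed: raw angle brackets, or
  # entities that would decode to angle brackets on a later decode pass.
  RESIDUE_RE = /[<>]|&(?:lt|gt|#0*(?:60|62)|#x0*(?:3c|3e));/i

  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    def sanitized_attributes
      @sanitized_attributes ||= []
    end

    # Register attributes to sanitize. :if / :unless take a lambda or a
    # method name and gate both the sanitization and the validation.
    def sanitizes!(*attrs, **options)
      attrs.each { |attr| sanitized_attributes << [attr, options] }
    end
  end

  def errors
    @errors ||= []
  end

  # Plays the role of ActiveModel's valid?: run the "before_validation"
  # sanitizers first, then the validators, and report anything left over.
  def valid?
    @errors = []
    self.class.sanitized_attributes.each do |attr, opts|
      next unless condition_met?(opts)

      sanitize_attribute(attr)
      validate_no_html(attr)
    end
    @errors.empty?
  end

  private

  def condition_met?(opts)
    return false if opts.key?(:if) && !evaluate(opts[:if])
    return false if opts.key?(:unless) && evaluate(opts[:unless])

    true
  end

  def evaluate(cond)
    cond.is_a?(Proc) ? instance_exec(&cond) : public_send(cond)
  end

  def sanitize_attribute(attr)
    value = public_send(attr)
    return unless value.is_a?(String)

    # Decode entities once first so "&lt;script&gt;" cannot hide from the tag strip.
    cleaned = CGI.unescapeHTML(value).gsub(TAG_RE, '')
    public_send("#{attr}=", cleaned)
  end

  # Second, independent layer: reject anything that still looks like HTML.
  def validate_no_html(attr)
    value = public_send(attr)
    return unless value.is_a?(String) && value.match?(RESIDUE_RE)

    @errors << "#{attr} cannot contain HTML"
  end
end

# Plain-Ruby model standing in for an ApplicationRecord subclass (assumed names).
class Profile
  include MiniSanitizable

  attr_accessor :name, :description, :target_url, :sanitize_target_url

  sanitizes! :name, :description
  sanitizes! :target_url, if: -> { sanitize_target_url }

  def initialize(name:, description: '', target_url: '', sanitize_target_url: true)
    @name = name
    @description = description
    @target_url = target_url
    @sanitize_target_url = sanitize_target_url
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  p = Profile.new(name: 'Alice <b>Smith</b>', description: 'x&lt;script&gt;alert(1)&lt;/script&gt;y')
  puts p.valid?, p.name, p.description        # true, "Alice Smith", "xalert(1)y"
  bypass = Profile.new(name: 'Bob <script')
  puts bypass.valid?, bypass.errors.inspect   # false, ["name cannot contain HTML"]
end
```

Run it with `ruby mini_sanitizable.rb`. Note that the conditional on target_url skips both steps for that attribute when the lambda returns false, which mirrors how options passed to both callbacks behave: an attribute that is not sanitized is also not validated, so the condition should only ever exempt values that are never rendered as HTML.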