If you have a model with an attribute that holds user-submitted HTML, such as a comment, this plugin is useful for warning the user that they have submitted insecure HTML, such as form elements or JavaScript.
kete/validates_as_sanitized_html
ValidatesAsSanitizedHtml
============

Written for the Kete software (an open source Rails application for collaborative digital archives) by Walter McGinnis for Katipo Communications, Ltd. (http://katipo.co.nz/).

The general idea is to check the quality of user-inputted HTML.

You may also be interested in the acts_as_sanitized plugin.

==== Requirements:

* Rails 2.0.2 or greater
* Hpricot gem

==== Usage:

In your model:

  validates_as_sanitized_html :the_user_submitted_html_attribute

You can also turn off, on a record-by-record basis, whether the attribute will fail validation when it contains form, script, or input tags, by adding a do_not_sanitize virtual attribute to your model...

  attr_accessor :do_not_sanitize

Then in your controller you may set do_not_sanitize to true if, for example, a site admin is allowed to add forms.

Cheers,
Walter McGinnis
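
The per-record exemption described under Usage, as an added stand-alone Ruby sketch (not the plugin's code, and runnable without Rails or Hpricot). The Comment class, ASSIGNABLE list, build_comment helper and the regex tag scan are assumptions made for illustration; the point shown is that do_not_sanitize is set only from a server-side role check and is never accepted from submitted parameters.

```ruby
# Added sketch, not the plugin's code. The plugin parses with Hpricot; a
# plain regex scan for opening tags stands in here (assumption). It only
# detects tags in order to warn the user; it does not clean the HTML.
class Comment
  FORBIDDEN_TAGS = %w[form script input].freeze # tags named in the README
  ASSIGNABLE = %w[body].freeze # only these may come from request params

  attr_accessor :body, :do_not_sanitize
  attr_reader :errors

  # Stand-in for mass assignment: keys outside ASSIGNABLE are dropped, so a
  # submitted "do_not_sanitize" parameter never reaches the setter.
  def initialize(params = {})
    @errors = []
    params.each do |key, value|
      public_send("#{key}=", value) if ASSIGNABLE.include?(key.to_s)
    end
  end

  # Forbidden tag names that appear as opening tags in the body.
  def forbidden_tags_in_body
    names = body.to_s.scan(/<\s*([a-z][a-z0-9]*)/i).flatten
    names.map(&:downcase).uniq & FORBIDDEN_TAGS
  end

  # Fails validation on forbidden tags unless this record is exempted.
  def valid?
    @errors = []
    return true if do_not_sanitize

    found = forbidden_tags_in_body
    @errors << "body contains disallowed tags: #{found.join(', ')}" unless found.empty?
    @errors.empty?
  end
end

# Hypothetical controller step: the exemption comes from a server-side role
# check, not from anything in the submitted form.
def build_comment(params, current_user_is_admin)
  comment = Comment.new(params)
  comment.do_not_sanitize = true if current_user_is_admin
  comment
end
```

In a Rails 2 model the equivalent of ASSIGNABLE is attr_accessible (or attr_protected :do_not_sanitize), since a virtual attribute declared with attr_accessor is otherwise settable through mass assignment.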