Finally a Rails post! This one is short, basic, and probably has a bunch of other examples on the net.
Rails 3 escapes HTML by default, so this isn’t strictly necessary, but I still believe that what goes into the datastore should be clean. After all, the data will probably last longer than the front-end.
I found this post that explains how to do it for your ActiveRecord models. However, I don’t have columns. Instead I used the following before_filter in my model class.
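```ruby
# strip_tags is an ActionView helper, so it has to be mixed into the model.
include ActionView::Helpers::SanitizeHelper

before_save :sanitize_html

# Strip HTML tags from every String attribute before the record is saved.
def sanitize_html
  @attributes.each_key do |attr|
    value = @attributes[attr]
    @attributes[attr] = strip_tags(value) if value.is_a?(String)
  end
end
```

It’s the same idea, but instead uses the attribute map to pull the objects out. If it’s a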
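The callback above only cleans top-level String attributes, while an attribute map without columns can also hold nested hashes and arrays. The following added example (not code from the original post) generalizes the same idea to nested values; `Document`, `deep_sanitize`, `sample_document` and the regex stand-in for `strip_tags` are assumptions made so it runs without Rails.

```ruby
# Stand-in for ActionView's strip_tags so the example runs offline.
# Assumption: in a Rails app, pass method(:strip_tags) as the sanitizer instead.
NAIVE_STRIP = ->(s) { s.gsub(/<[^>]*>/, "") }

# Returns a sanitized copy of value, descending into Hashes and Arrays.
# Hash keys and non-String leaves (numbers, nil, ...) are left untouched.
def deep_sanitize(value, sanitizer = NAIVE_STRIP)
  case value
  when String then sanitizer.call(value)
  when Hash   then value.each_with_object({}) { |(k, v), h| h[k] = deep_sanitize(v, sanitizer) }
  when Array  then value.map { |v| deep_sanitize(v, sanitizer) }
  else value
  end
end

# Hypothetical model: a document with no fixed columns, only an attribute map.
class Document
  attr_reader :attributes

  def initialize(attributes)
    @attributes = attributes
  end

  # What the before_save callback would invoke.
  def sanitize_html
    @attributes = deep_sanitize(@attributes)
  end
end

# Constructed sample input with markup at several nesting levels.
def sample_document
  Document.new(
    "title"    => "Hello <b>world</b>",
    "views"    => 3,
    "tags"     => ["<i>rails</i>", "security"],
    "comments" => [{ "author" => "<em>bob</em>", "votes" => 2 }]
  )
end

if __FILE__ == $PROGRAM_NAME
  doc = sample_document
  doc.sanitize_html
  p doc.attributes
end
```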