@charlieschwabacher
Created June 6, 2012 23:59
Proposed module to sanitize and escape attributes
require 'cgi'
require 'sanitize'

module SanitizeAttributes
  # Override the setters of selected string/text attributes so the value is
  # run through Sanitize.clean (HTML allowlist filtering) before being stored.
  # send is used because define_method is private on the extending class.
  def sanitize_attribute(attribute)
    self.send(:define_method, "#{attribute}=") do |arg|
      # nil is stored as nil rather than handed to Sanitize.clean
      self[attribute] = arg.nil? ? nil : Sanitize.clean(arg)
    end
  end

  def sanitize_attributes(*attributes)
    attributes.map { |a| sanitize_attribute(a) }
  end

  # Override the setters of selected string/text attributes so the value is
  # run through CGI.escape before being stored. Note that CGI.escape is URL
  # (percent) encoding, e.g. spaces become '+'; HTML output contexts need
  # CGI.escapeHTML instead.
  def escape_attribute(attribute)
    self.send(:define_method, "#{attribute}=") do |arg|
      # CGI.escape raises on nil, so pass nil through unchanged
      self[attribute] = arg.nil? ? nil : CGI.escape(arg)
    end
  end

  def escape_attributes(*attributes)
    attributes.map { |a| escape_attribute(a) }
  end
end
@charlieschwabacher
Author

So this is what I have come up with to handle sanitizing attributes on our models. Model definitions would look like:

class SomeModel
  include DataMapper::Resource
  extend ::SanitizeAttributes
end

and then after defining properties, we would do something like:

sanitize_attributes :description, :body
escape_attribute :title

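An added example, not the gist's code, showing what the escape-on-write setters actually store. It uses the same define_method pattern with a plain hash-backed class standing in for DataMapper::Resource (an assumption, so it runs without the gem), and compares CGI.escape as used in the gist with CGI.escapeHTML. It also shows that escaping at write time is not idempotent: assigning a stored value back through the setter escapes it again.

```ruby
require 'cgi'

# Same setter-override pattern as the gist, but the CGI function is injectable
# so the two escapers can be compared side by side. Not the gist's own module.
module EscapeAttributes
  def escape_attribute(attribute, with: :escapeHTML)
    define_method("#{attribute}=") do |arg|
      # nil passes through unchanged; CGI.escape/escapeHTML would raise on it
      self[attribute] = arg.nil? ? nil : CGI.public_send(with, arg.to_s)
    end
  end
end

# Hypothetical hash-backed model standing in for DataMapper::Resource,
# exposing the [] / []= accessors the gist's setters rely on.
class FakeModel
  extend EscapeAttributes

  def initialize
    @attrs = {}
  end

  def [](key)
    @attrs[key]
  end

  def []=(key, value)
    @attrs[key] = value
  end
end

class Post < FakeModel
  escape_attribute :title               # HTML-escaped on write
  escape_attribute :slug, with: :escape # percent-encoded on write, as in the gist
end

# Value stored for +input+ after passing through the attribute's setter.
def stored(attr, input)
  post = Post.new
  post.public_send("#{attr}=", input)
  post[attr]
end

# Assign the stored value back through the setter +times+ times and return
# the final stored value; each pass escapes the already-escaped text again.
def reassign(attr, input, times)
  post = Post.new
  value = input
  times.times { post.public_send("#{attr}=", value); value = post[attr] }
  value
end
```

The slug result shows why CGI.escape is the wrong tool for text destined for an HTML page: '/' and spaces come back as %2F and '+', while only escapeHTML neutralises the markup characters for that context.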