Created
November 18, 2009 22:15
Gist: jefflarkin/238313
require 'sanitize'

# Sanitizing/Escaping HTML in the view is inefficient because it
# happens every time the view is rendered. This module forces
# text and string fields to be sanitized every time they are
# modified and saved to the database.
module Sanitizer
  # Runs as a before_save callback. Only attributes present in
  # `changes` are touched, so a value sanitized on an earlier save
  # is not processed (and escaped) a second time on re-save.
  #
  # TEXTAREA and TEXTFIELD are assumed to be application-defined
  # Sanitize configs (the gem itself ships BASIC, RELAXED and
  # RESTRICTED). Sanitize.clean! and strip! work in place, so this
  # relies on value[1] being the very String object held in the
  # record's attributes, which is what gets written to the database.
  def sanitize_fields
    columns = self.class.columns_hash
    changes.each do |key, value|
      # value is an [old, new] pair; skip attributes that are not
      # columns and non-String values (nil, numbers, dates) that
      # Sanitize.clean! would raise on.
      column = columns[key]
      next unless column && value[1].is_a?(String)
      if column.type == :text
        Sanitize.clean! value[1], Sanitize::Config::TEXTAREA
      elsif column.type == :string
        Sanitize.clean! value[1], Sanitize::Config::TEXTFIELD
      end
      value[1].strip!
    end
  end
end

module ActiveRecord
  class Base
    include Sanitizer
    before_save :sanitize_fields
  end
end
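The following is an added, self-contained illustration of the same sanitize-on-save pattern; it is not the gist's code and uses neither ActiveRecord nor the Sanitize gem. The `Comment` class, its `columns_hash`, the `changes`/`write_attribute` dirty tracking and the `FieldSanitizer` module are all constructed stand-ins. In place of the app-defined `TEXTAREA`/`TEXTFIELD` configs it escapes everything with `CGI.escapeHTML` and, for `:text` columns, restores only a short list of literal, attribute-free tags, so an event handler or unknown element can never come back as markup. It also shows why the gist keys on `changes`: re-saving an unchanged record must not escape the stored value a second time. Storing sanitized HTML saves work per render, but the view still has to escape for its output context (attribute, JavaScript, URL) when the value is used anywhere other than an HTML body.

```ruby
require 'cgi'

# Constructed stand-ins for the ActiveRecord pieces the gist relies on:
# a columns hash giving each attribute's type, a changes hash of
# [old, new] pairs, and a before_save hook that runs the sanitizer.
Column = Struct.new(:name, :type)

module FieldSanitizer
  # Literal, attribute-free tags allowed back into :text columns. The value
  # is escaped first and only these exact strings are un-escaped, so tags
  # with attributes (onerror=, href=) or any other element stay escaped.
  TEXTAREA_TAGS = %w[b i em strong p br].freeze

  # :string columns get no markup at all (stand-in for Config::TEXTFIELD).
  def self.textfield(str)
    CGI.escapeHTML(str)
  end

  # :text columns keep a small allow-list (stand-in for Config::TEXTAREA).
  def self.textarea(str)
    out = CGI.escapeHTML(str)
    TEXTAREA_TAGS.each do |tag|
      out = out.gsub("&lt;#{tag}&gt;", "<#{tag}>")
               .gsub("&lt;/#{tag}&gt;", "</#{tag}>")
    end
    out
  end

  # Same shape as the gist's hook: only attributes in `changes` are touched,
  # so an already-sanitized value is never escaped a second time on re-save.
  def sanitize_fields
    columns = self.class.columns_hash
    changes.each do |key, (_old, new_value)|
      column = columns[key]
      next unless column && new_value.is_a?(String)
      cleaned = case column.type
                when :text   then FieldSanitizer.textarea(new_value)
                when :string then FieldSanitizer.textfield(new_value)
                else new_value
                end
      write_attribute(key, cleaned.strip)
    end
  end
end

# Minimal model with dirty tracking; no database, no ActiveRecord.
class Comment
  include FieldSanitizer

  COLUMNS = {
    'title' => Column.new('title', :string),
    'body'  => Column.new('body',  :text),
    'score' => Column.new('score', :integer)
  }.freeze

  def self.columns_hash
    COLUMNS
  end

  def initialize(attrs = {})
    @attributes = {}
    @changes = {}
    attrs.each { |k, v| write_attribute(k.to_s, v) }
  end

  def [](key)
    @attributes[key]
  end

  def changes
    @changes
  end

  def write_attribute(key, value)
    @changes[key] ||= [@attributes[key], nil]
    @changes[key][1] = value
    @attributes[key] = value
  end

  # before_save equivalent: sanitize the dirty attributes, then clear them.
  def save
    sanitize_fields
    @changes = {}
    true
  end
end

if __FILE__ == $PROGRAM_NAME
  c = Comment.new('title' => '  <script>alert(1)</script>Hello ',
                  'body'  => '<b>bold</b> <img src=x onerror=alert(1)>')
  c.save
  puts c['title']
  puts c['body']
end
```

The escape-then-restore approach is deliberately narrow: it cannot express attributes or nesting rules, which is exactly what the Sanitize gem's configs add, but it is trivially sound for a tag-only allow-list and needs no parser.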