/simple_sanitizer_html

a simple plugin for rails for escape html into model after save records

Primary LanguageRubyMIT LicenseMIT

SimpleSanitizerHtml
===================

SimpleSanitizerHtml is a small plugin for Rails for escape html into the model after save records.


Example
=======

For example you have the following model

# ruby script/generate model Post title:string copy:text

class Post
 simple_sanitizer_html
 
end

so, if you add a post like that

$ ruby script/console 
Loading development environment (Rails 2.3.2)
p >> p = Post.new
=> #<Post id: nil, title: nil, copy: nil, created_at: nil, updated_at: nil>
>> p.title = "<script>alert('hi tuquito')</script>"
=> "<script>alert('hi tuquito')</script>"
>> p.save
=> true
>> p.title
=> "&lt;script&gt;alert(&#39;hi tuquito&#39;)&lt;/script&gt;"
>> 


this plugin can be useful for prevent XSS Injection or styles attacks

Copyright (c) 2009 [chebyte - http://www.chebyte.com.ar], released under the MIT license