-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
46 lines (29 loc) · 1.23 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
= Acts As Sanitized
Cleans up text data before it hits your database and, eventually, your users.
The goal is to reduce Cross-Site Scripting (XSS) attacks. Install and forget.
The plugin can figure out which fields it needs to sanitize, or you can
specify fields manually. The former is highly recommended. Schemas change.
== Usage
If you'd like the plugin to figure out which fields to sanitize:
class Comment < ActiveRecord::Base
acts_as_sanitized
end
If you'd like to specify the fields to sanitize:
class Entry < ActiveRecord::Base
acts_as_sanitized :fields => [ :title, :body ]
end
If you'd like to strip all HTML tags, not just script and form:
class Review < ActiveRecord::Base
acts_as_sanitized :strip_tags => true
end
If you'd like to use all the fancy options at once:
class Message < ActiveRecord::Base
acts_as_sanitized :fields => [ :content ], :strip_tags => true
end
== Known Issues
- 12 Jan 2007: test schema is generated twice when running tests. Not harmful.
== Credits
Written by Alex Payne of http://www.al3x.net.
Modified by Nina Jansen (http://ninajansen.dk), to work with rails 2.2
Much was learned from reading Chris Wanstrath's acts_as_textiled and the Rails
core team's acts_as_taggable.