Rails: What is `sanitize` in Rails?

What does sanitize mean in Rails?

I'm reading through the documentation for CanCanCan. It says:

When using strong_parameters or Rails 4+, you have to sanitize inputs before saving the record, in actions such as :create and :update.

Then per documentation, it requires adding the below:

load_and_authorize_resource param_method: :my_sanitizer

def my_sanitizer
  params.require(:article).permit(:name)
end

Source: https://github.com/CanCanCommunity/cancancan

I've also seen sanitize in the area of SQL queries.

What does sanitize actually mean? Does it just mean to allow something?

tim_xyz Avatar asked Jun 14 '16 08:06



1 Answer

The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements. These helper methods extend Action View making them callable within your template files.

data = data.html_safe will just mark the string data as 'html_safe' and treat it as such afterwards (Marks a string as trusted safe. It will be inserted into HTML with no additional escaping performed. It is your responsibility to ensure that the string contains no malicious content. This method is equivalent to the raw helper in views. It is recommended that you use sanitize instead of this method. It should never be called on user input).

Have a look at the official API doc: Action View sanitize helper

Subhash Chandra Avatar answered Oct 02 '22 23:10

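The two meanings discussed above side by side, as an added example that is not part of the question, the answer or CanCanCan's code: a constructed plain-Ruby stand-in for `params.require(...).permit(...)` (assumed class `Params`, not Rails' `ActionController::Parameters`) shows that the `my_sanitizer` allowlist silently drops any attribute a client adds beyond the permitted ones (here `:name` and `:body`, one more than the question's `permit(:name)`), and `ERB::Util.html_escape` from Ruby's standard library shows the output-side meaning that `sanitize` and `html_safe` are about.

```ruby
require 'erb'

# Constructed stand-in for ActionController::Parameters#require/#permit.
# It models the allowlist behaviour that my_sanitizer relies on; it is
# not Rails' implementation.
class Params
  class ParameterMissing < StandardError; end

  def initialize(hash)
    @hash = hash
  end

  # require(:article): the nested hash must be present, otherwise the
  # request is rejected before any attribute is looked at.
  def require(key)
    value = @hash[key]
    raise ParameterMissing, "param is missing: #{key}" if value.nil? || value.empty?
    Params.new(value)
  end

  # permit(:name, :body): keep only the listed scalar keys. Anything else a
  # client sends (author_id, published, ...) is dropped, which is what
  # protects the model from mass assignment.
  def permit(*allowed)
    @hash.select { |k, _| allowed.include?(k) }
  end
end

# Constructed request payload: the client adds fields the form never offered.
RAW_PARAMS = {
  article: { name: 'Hello', body: 'text', author_id: 1, published: true }
}.freeze

# The sanitizer from the question, run against the stand-in.
def my_sanitizer(params = Params.new(RAW_PARAMS))
  params.require(:article).permit(:name, :body)
end

# The other meaning of "sanitize": output escaping. ERB::Util.html_escape
# (stdlib) turns markup characters into entities so a stored value renders
# as text instead of being interpreted as HTML in a template.
def escaped_title(title)
  ERB::Util.html_escape(title)
end

if __FILE__ == $PROGRAM_NAME
  p my_sanitizer                       # => {:name=>"Hello", :body=>"text"}
  puts escaped_title('Hi <b>there</b>') # => Hi &lt;b&gt;there&lt;/b&gt;
end
```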