What does sanitize mean in Rails?
I'm reading through the documentation for CanCanCan. It says:
When using strong_parameters or Rails 4+, you have to sanitize inputs before saving the record, in actions such as :create and :update.
Then per documentation, it requires adding the below:
load_and_authorize_resource param_method: :my_sanitizer

def my_sanitizer
  # Strong parameters: require the :article key and allow only :name through
  params.require(:article).permit(:name)
end
Source: https://github.com/CanCanCommunity/cancancan
I've also seen sanitize in the area of SQL queries.
What does sanitize actually mean? Does it just mean to allow something?
The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements. These helper methods extend Action View making them callable within your template files.
Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of acceptable elements, attributes, and CSS properties, Sanitize will remove all unacceptable HTML and/or CSS from a string.
1 : to reduce or eliminate pathogenic agents (such as bacteria) on the surfaces of (something) : to make (something) sanitary (as by cleaning or disinfecting) You can use sponges and dishcloths safely if you take care to sanitize them, says Dean Cliver, a professor of food safety at the University of California, Davis. ...
HTML sanitization is the process of examining an HTML document and producing a new HTML document that preserves only whatever tags are designated “safe” and desired. HTML sanitization can be used to protect against cross-site scripting (XSS) attacks by sanitizing any HTML code submitted by a user.
The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements. These helper methods extend Action View making them callable within your template files.
data = data.html_safe will just mark the string data as 'html_safe' and treat it as such afterwards (Marks a string as trusted safe. It will be inserted into HTML with no additional escaping performed. It is your responsibility to ensure that the string contains no malicious content. This method is equivalent to the raw helper in views. It is recommended that you use sanitize instead of this method. It should never be called on user input.).
Have a look at the official API doc for the Action View sanitize helper.
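As an added illustration (not from the question, any answer, or Rails itself), here is a plain-Ruby stand-in for `require`/`permit` showing what the question's `my_sanitizer` does: it allow-lists which attribute keys may be mass-assigned, and nothing more. The `Params` class, the `ParameterMissing` error, `my_sanitizer(params)` taking a hash, `render_name` and the request body are all constructed for this demonstration.

```ruby
require "erb"

# Constructed stand-in for Rails' ActionController::Parameters#require/#permit.
# Educational model only; it is not the Rails implementation.
class Params
  class ParameterMissing < StandardError; end

  def initialize(hash)
    @hash = hash.transform_keys(&:to_s)
  end

  # require: the nested key must be present, otherwise the request is rejected
  # (Rails raises ActionController::ParameterMissing here).
  def require(key)
    value = @hash[key.to_s]
    raise ParameterMissing, "param is missing: #{key}" if value.nil?
    Params.new(value)
  end

  # permit: keep only the allow-listed scalar keys; everything else is dropped,
  # so a forged `admin: true` never reaches the model via mass assignment.
  def permit(*keys)
    allowed = keys.map(&:to_s)
    @hash.select do |k, v|
      allowed.include?(k) && !v.is_a?(Hash) && !v.is_a?(Array)
    end
  end
end

# The sanitizer from the question, run against the stand-in above.
def my_sanitizer(params)
  Params.new(params).require(:article).permit(:name)
end

# Constructed request body: an extra `admin` field rides along with the name.
REQUEST = { article: { name: "<b>Hello</b><script>alert(1)</script>", admin: true } }

# Strong parameters only decides *which attributes* are accepted. The surviving
# value is still raw text; rendering it safely is a separate step, either output
# escaping as below or an allow-list HTML sanitizer such as Rails' `sanitize`.
def render_name(attrs)
  ERB::Util.html_escape(attrs["name"])
end
```

Running `my_sanitizer(REQUEST)` keeps only `"name"` and drops `"admin"`, while `render_name` shows that the kept value still needs escaping before it goes into HTML.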