- http://github.com/flavorjones/loofah-activerecord
- http://rubydoc.info/github/flavorjones/loofah-activerecord/master/frames
- http://librelist.com/browser/loofah
loofah-activerecord extends loofah's HTML sanitization into Rails ActiveRecord models. See more about loofah at: http://github.com/flavorjones/loofah
There are two ActiveRecord extensions included with loofah-activerecord:
- Loofah::ActiveRecordExtension is an opt-in sanitizer. You must explicitly declare attributes to be sanitized.
- Loofah::XssFoliate, a drop-in replacement for XssTerminate, is an opt-out sanitizer. By default all models and attributes are sanitized.
See Loofah::ActiveRecordExtension for full documentation. The class methods mixed into ActiveRecord are `html_document` and `html_fragment`, which are used to declare how specific string and text attributes should be scrubbed during `before_validation`.
```ruby
# app/model/post.rb
class Post < ActiveRecord::Base
  html_fragment :body, :scrub => :prune # scrubs `body` using the :prune scrubber
end
```
See Loofah::XssFoliate::ClassMethods for more documentation. The class methods mixed into ActiveRecord are `xss_foliate` and `xss_foliated?`, which are used to declare how specific string and text attributes should be scrubbed during `before_validation`.

Attributes are scrubbed with the :strip scrubber by default, unless another scrubber is specified or the attribute is present in an :except clause.
Requirements:
- Loofah >= 1.0.0
- Rails 3.2+, 4.2+, 5.0+
Support for older versions of Rails is available in loofah-activerecord < 2.0.
Installation is unsurprising:
- gem install loofah-activerecord
The bug tracker is available here:
And the mailing list is on librelist (the general Loofah mailing list):
And the IRC channel is #loofah on freenode.
- Loofah: http://github.com/flavorjones/loofah
- XssTerminate: http://github.com/look/xss_terminate/tree/master
Featuring code contributed by:
- Josh Nichols
- Damon P. Cortesi
This library was split out of the Loofah project for version 1.0.0.

Distributed under the MIT License. See MIT-LICENSE.txt for details.