
require 'html5'
require 'html5lib_sanitize'

# == Introduction
# 
# Inquisition sanitizes the HTML included in the specified attributes to
# eliminate XSS-style attacks.
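module Inquisition
  # Hook run when a class includes Inquisition: installs the cleanse_attr*
  # macros as class methods on the including class.
  def self.included(klass)
    klass.extend(ClassMethods)
  end

  module ClassMethods
    # Run the sanitizer on +attributes+ both when they are written and when
    # they are read, so stored HTML is cleaned before it is persisted and
    # again on the way out.
    #
    # @param attributes [Array<Symbol, String>] attribute names
    def cleanse_attr(*attributes)
      cleanse_attr_reader(*attributes)
      cleanse_attr_writer(*attributes)
    end

    # Sanitize +attributes+ whenever they are read through +read_attribute+
    # and define a plain reader method for each of them.
    #
    # Names are normalized to symbols before they are recorded: the lookup in
    # the chained reader compares against +attribute.to_sym+, so a name
    # declared as a String would otherwise never match and would be read back
    # unsanitized.
    #
    # Repeated calls (in the same class or a subclass) accumulate into
    # +cleansed_attr_readers+ instead of replacing it, and the
    # +read_attribute+ chain is installed only once: applying
    # alias_method_chain a second time would point
    # +read_attribute_without_cleansing+ at the already-chained method and the
    # reader would recurse until the stack overflowed.
    #
    # @param attributes [Array<Symbol, String>] attribute names
    def cleanse_attr_reader(*attributes)
      names = attributes.map(&:to_sym)
      write_inheritable_array(:cleansed_attr_readers, names)
      class_inheritable_reader(:cleansed_attr_readers)

      chained = method_defined?(:read_attribute_without_cleansing) || private_method_defined?(:read_attribute_without_cleansing)
      unless chained
        define_method(:read_attribute_with_cleansing) do |attribute|
          value = read_attribute_without_cleansing(attribute)
          # Blank values (nil, "") are passed through untouched.
          # NOTE(review): a non-blank, non-String value reaches sanitize_html
          # as-is — confirm the sanitizer accepts that or coerce first.
          if cleansed_attr_readers.include?(attribute.to_sym) && !value.blank?
            HTML5libSanitize.sanitize_html(value)
          else
            value
          end
        end
        alias_method_chain :read_attribute, :cleansing
      end

      names.each { |name| define_method(name) { read_attribute(name) } }
    end

    # Sanitize +attributes+ before they are stored through +write_attribute+.
    # Same name normalization, accumulation and once-only chaining rules as
    # cleanse_attr_reader.
    #
    # @param attributes [Array<Symbol, String>] attribute names
    def cleanse_attr_writer(*attributes)
      names = attributes.map(&:to_sym)
      write_inheritable_array(:cleansed_attr_writers, names)
      class_inheritable_reader(:cleansed_attr_writers)

      chained = method_defined?(:write_attribute_without_cleansing) || private_method_defined?(:write_attribute_without_cleansing)
      return if chained

      define_method(:write_attribute_with_cleansing) do |attribute, value|
        # Blank values (nil, "") are stored untouched.
        if cleansed_attr_writers.include?(attribute.to_sym) && !value.blank?
          value = HTML5libSanitize.sanitize_html(value)
        end

        write_attribute_without_cleansing(attribute, value)
      end
      alias_method_chain :write_attribute, :cleansing
    end
  end # ClassMethods
end # Inquisition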

# Mix Inquisition into Object so that every class inherits the cleanse_attr*
# macros through Object's singleton class. The macros only do useful work in
# classes that provide read_attribute/write_attribute and the inheritable
# attribute helpers they call (presumably ActiveRecord models).
Object.class_eval { include Inquisition }
