Sha256: 5f288f7ac147bcc77cf4d9e48ef496bf1370d20a4a6a4bca49c68835e86f79d8

Size: 1.53 KB

Versions: 1

Contents

require 'loofah' # used by the optional clean_html pass in sanitize

module Zen
  ##
  # Module for dealing with various security related actions such as sanitizing
  # user input/output.
  #
  # @since 2012-01-07
  #
  module Security
    class << self
      ##
      # Sanitizes the string by escaping all Etanni template tags in it so that
      # they aren't executed. Optionally this method can also remove all
      # dangerous HTML using Loofah.
      #
      # It is recommended to use this method whenever your code accepts user
      # input. Since removing HTML isn't always needed (sometimes you actually
      # want to allow certain HTML tags) this is turned off by default.
      #
      # @example
      #  input = 'Hello #{puts 10}'
      #
      #  Zen::Security.sanitize(input) # => "Hello \#\{puts 10\}"
      #
      # @since  2012-01-03
      # @param  [String] input The input string to sanitize.
      # @param  [TrueClass|FalseClass] clean_html When set to true certain HTML
      #  elements will be removed using Loofah.
      # @return [String] The sanitized string.
      #
      def sanitize(input, clean_html = false)
        return input unless input.is_a?(String)

        # Cheap way of escaping the template tags.
        input = input.gsub('<?r', '\<\?r') \
          .gsub('?>', '\?\>') \
          .gsub('#{', '\#\{') \
          .gsub('}', '\}')

        if clean_html == true
          input = Loofah.fragment(input) \
            .scrub!(:whitewash) \
            .scrub!(:nofollow) \
            .to_s
        end

        return input
      end
    end # class << self
  end # Security
end # Zen
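As an added example (not part of the zen gem), the Etanni-tag escaping step from Zen::Security.sanitize is reproduced below without the optional Loofah pass so it runs with plain Ruby, together with a check for leftover unescaped delimiters and two caveats of the approach: every "}" is escaped whether or not it belongs to a tag, and the "}" rule is not idempotent. The helper names and sample strings are constructed for this example.

```ruby
# Added example, not the gem's own code: the four substitutions from
# Zen::Security.sanitize, applied in the same order, without Loofah.
def escape_etanni_tags(input)
  return input unless input.is_a?(String)

  input.gsub('<?r', '\<\?r')
       .gsub('?>', '\?\>')
       .gsub('#{', '\#\{')
       .gsub('}', '\}')
end

# Returns the Etanni delimiters still unescaped (not preceded by a backslash)
# so a caller can verify the result before handing it to the template engine.
def unescaped_etanni_tags(str)
  str.scan(/(?<!\\)(?:<\?r|\?>|#\{|\})/)
end

# Constructed sample inputs.
PAYLOAD   = 'Hello <?r x = 1 ?> #{x} world'
JSON_LIKE = '{"a": 1}'

ESCAPED_PAYLOAD = escape_etanni_tags(PAYLOAD)
# => 'Hello \<\?r x = 1 \?\> \#\{x\} world'

# Caveat 1: every "}" is escaped, tag or not, so ordinary braces in user text
# (JSON, CSS, prose) come back altered.
ESCAPED_JSON = escape_etanni_tags(JSON_LIKE) # => '{"a": 1\}'

# Caveat 2: the "}" rule is not idempotent. Sanitizing on input and again on
# output doubles the backslash before the brace, so sanitize exactly once.
ONCE  = escape_etanni_tags('a}')  # one backslash before the brace
TWICE = escape_etanni_tags(ONCE)  # two backslashes before the brace

if __FILE__ == $0
  puts ESCAPED_PAYLOAD
  puts unescaped_etanni_tags(PAYLOAD).inspect          # all four delimiters
  puts unescaped_etanni_tags(ESCAPED_PAYLOAD).inspect  # []
end
```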

Version data entries

1 entry across 1 version & 1 rubygem

Version Path
zen-0.4.3 lib/zen/security.rb