kete / validates_as_sanitized_html
watch download tarball
public
Forks1Right
Watchers4Right
Description: If you have a model that has an attribute that is user submitted HTML, such as comment, etc. this is a useful plugin for warning the user that they have submitted insecure HTML code, such as form elements, or javascript.
Homepage:
Clone URL: git://github.com/kete/validates_as_sanitized_html.git
name age
history
message
file README Sun Jan 13 23:19:03 -0800 2008 adding working code, needs tests [walter]
file Rakefile Sun Jan 13 23:19:03 -0800 2008 adding working code, needs tests [walter]
file init.rb Sun Jan 13 23:19:03 -0800 2008 adding working code, needs tests [walter]
directory lib/ Tue Mar 04 18:10:46 -0800 2008 turning overkill sanitization and fixing bugs i... [walter]
file license.txt Sun Apr 20 16:53:10 -0700 2008 Added GPL license document [jstr]
directory test/ Sun Jan 13 23:19:03 -0800 2008 adding working code, needs tests [walter]
README
ValidatesAsSanitizedHtml
============

Written for  the Kete software (an open source Rails application for collaborative digital archives) by Walter McGinnis 
for Katipo Communications, Ltd. (http://katipo.co.nz/).

The general idea is to check the quality of user inputed HTML.

You may also be interested in the acts_as_sanitized plugin.

====
Requirements:

* Rails 2.0.2 or greater
* Hpricot gem

====
Usage:

In your model:

  validates_as_sanitized_html :the_user_submitted_html_attribute

You can also turn off  whether the  the attribute will
fail validation if there are  form, script, or input tags included in
the attribute on a record by record basis by adding a do_not_sanitize
virtual attribute in your model...

    attr_accessor :do_not_sanitize

Then in your controlle you may set do_not_sanitize to true if, for
example, a site admin is allowed to add forms.

Cheers,
Walter McGinnis