Remove vulnerability xss hack #3030
Conversation
Thanks for tackling this one @martaribeiro.
I think it would be good to move this into the base application_record.rb file that all of the models inherit from. Something like:

```ruby
class ApplicationRecord < ActiveRecord::Base
  # other existing methods

  # Run the Rails HTML sanitizer over each named attribute and write the
  # cleaned value back before the record is saved.
  def sanitize_fields(*attrs)
    attrs.each do |attr|
      send("#{attr}=", ActionController::Base.helpers.sanitize(send(attr)))
    end
  end
end
```

Then, in the models you can do something like:

```ruby
# Register as a block so it runs on every save; calling sanitize_fields
# directly at class level would run it once at class load, on no record.
before_save { sanitize_fields(:title, :funder_name, :grant_number, :identifier, :description) }
```
change "lambda" to "->(data) {" instead
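To show the callback wiring the review comments above are discussing, here is an added example that is not DMPonline's own code. It assumes a hypothetical `Plan` model with a few of the fields named in the review, replaces ActiveRecord's `before_save` with a small stand-in so the file runs without Rails, and uses `ERB::Util.html_escape` from the standard library in place of `ActionController::Base.helpers.sanitize` (Rails' sanitizer keeps an allow-list of tags; escaping keeps none, so it is the stricter of the two). The sample payload is constructed.

```ruby
require "erb"

# Added example, not DMPonline's code: a self-contained model of the
# before_save + sanitize_fields pattern proposed in this PR. Rails'
# ActionController::Base.helpers.sanitize (an allow-list HTML sanitizer) is
# replaced by ERB::Util.html_escape so the file runs with the standard
# library only; the callback wiring is the same.
module SanitizesFields
  def self.included(base)
    base.extend(ClassMethods)
  end

  module ClassMethods
    # Stand-in for ActiveRecord's before_save: the callback is stored as a
    # block and run on every save. Calling sanitize_fields at class level
    # instead would run it once while the class loads, on no record at all.
    def before_save(&block)
      before_save_callbacks << block
    end

    def before_save_callbacks
      @before_save_callbacks ||= []
    end
  end

  # Escape each named attribute in place; nil and non-string values (ids,
  # timestamps, booleans) are left alone rather than being turned into "".
  def sanitize_fields(*attrs)
    attrs.each do |attr|
      value = public_send(attr)
      next unless value.is_a?(String)
      public_send("#{attr}=", ERB::Util.html_escape(value))
    end
  end

  # Stand-in for ActiveRecord#save: runs the callbacks, then "persists".
  def save
    self.class.before_save_callbacks.each { |callback| instance_exec(&callback) }
    true
  end
end

# Hypothetical model with a subset of the fields named in the review comment.
class Plan
  include SanitizesFields
  attr_accessor :title, :description, :identifier, :version

  before_save { sanitize_fields(:title, :description, :identifier) }

  def initialize(title:, description: nil, identifier: nil, version: 1)
    @title = title
    @description = description
    @identifier = identifier
    @version = version
  end
end

# Constructed stored-XSS payload: a script tag in a user-controlled field,
# plus a description that legitimately contains "<" and "&".
def sanitize_demo
  plan = Plan.new(
    title: "<script>alert(document.cookie)</script>Data management plan",
    description: "Budget is < 10k & growing",
    identifier: nil
  )
  plan.save
  plan
end

if __FILE__ == $PROGRAM_NAME
  plan = sanitize_demo
  puts plan.title
  puts plan.description
end
```

Two things worth keeping in mind when wiring this into real models: sanitizing on write is defence in depth, not a replacement for escaping on output (Rails views escape by default unless `raw`/`html_safe` is used), and it rewrites stored data, so a field that legitimately holds "<" or "&" comes back transformed, as the `description` above shows; with Rails' allow-list sanitizer the change is smaller but still present.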
Was out of sync with development, so rebased via GitHub.
Fixes https://github.com/DigitalCurationCentre/DMPonline-Service/issues/603.
Changes proposed in this PR:
A callback was added to the user and plan models: `before_save` calls a function that sanitises a number of fields before the data is saved into the db.