I found myself repeating the same text formatting methods over multiple models and realized this wasn't dry, so I made a plugin.
This plugin is useful if you:
- have (untrusted) users create objects with text fields on your website
- like to have consistently formatted data in your DB
- are going to display the text fields as is (or with .html_safe) in your app and want to make it safer (this uses the Sanitize gem by Ryan Grove)
Install as a gem with:
gem 'text_sanitizer'In the model where you want to format data:
class Post < ActiveRecord::Base
attr_accessible :name, :body, :email
sanitize_text :body
downcase_text :email
capitalize_text :name
endThis will convert:
- sanitize_text:
<script>body!</script>intobody! - downcase_text:
EMAIL@TEST.COMintoemail@test.com - capitalize_text:
john SMITHintoJohn Smith
You can also add your own sanitizers. To do so, use the following syntax in your model:
register_sanitizer :method, :callbackSo for instance, to add a sanitizer called upcase:
register_sanitizer :upcase, :before_save
upcase_text :title, :name
private
def upcase text
text.upcase
endOr you can also use the shorthand:
register_sanitizer :upcase, :before_save, :title, :nameThis is basically equivalent to having the following in your model:
before_save :upcase_text
def upcase_text
[:name, :title].each do |text_field|
self.send "#{text_field}#", read_attribute(text_field).upcase
end
endYou should consider whether the saving in verbose is worth it for you. It should be if you repeat this pattern often.
If you want to be able to use your new sanitizer in all models, create a new file in lib/ and paste the following:
register_sanitizer :upcase, :before_save
private
def upcase text
text.upcase
endNow you'll just need to call upcase_text :title from your model.