No commit activity in last 3 years
No release in over 3 years
loofah-activerecord extends loofah's HTML sanitization into Rails ActiveRecord models. See more about loofah at: http://github.com/flavorjones/loofah
 Dependencies

Development

>= 0.0.5
>= 1.2.0
~> 3.15
~> 2.2
~> 4.0
~> 1.0

Runtime

>= 1.0.0
 Project Readme

loofah-activerecord

Description

loofah-activerecord extends loofah's HTML sanitization into Rails ActiveRecord models.

See more about loofah at: http://github.com/flavorjones/loofah

Features

There are two ActiveRecord extensions included with loofah-activerecord:

  • Loofah::ActiveRecordExtension is an opt-in sanitizer. You must explicitly declare attributes to be sanitized.
  • Loofah::XssFoliate, a drop-in replacement for XssTerminate, is an opt-out sanitizer. By default all models and attributes are sanitized.

ActiveRecord Extension #1: Opt-In

See Loofah::ActiveRecordExtension for full documentation. The class methods mixed into ActiveRecord are:

  • html_document
  • html_fragment

which are used to declare how specific string and text attributes should be scrubbed during before_validation.

# app/models/post.rb
class Post < ActiveRecord::Base
  html_fragment :body, :scrub => :prune  # scrubs `body` using the :prune scrubber
end

ActiveRecord Extension #2: Opt-Out

See Loofah::XssFoliate::ClassMethods for more documentation. The class methods mixed into ActiveRecord are:

  • xss_foliate
  • xss_foliated?

which are used to declare how specific string and text attributes should be scrubbed during before_validation.

Attributes are scrubbed with the :strip scrubber by default, unless another scrubber is specified or the attribute is present in an :except clause.

Requirements

  • Loofah >= 1.0.0
  • Rails 3.2+, 4.2+, 5.0+

Support for older versions of Rails is available in loofah-activerecord < 2.0.

Installation

Unsurprisingly:

  • gem install loofah-activerecord

Support

The bug tracker is available here:

And the mailing list is on librelist (the general Loofah mailing list):

And the IRC channel is #loofah on freenode.

Related Links

Authors

Featuring code contributed by:

  • Josh Nichols
  • Damon P. Cortesi

Historical Note

This library was split out of the Loofah project for version 1.0.0.

License

Distributed under the MIT License. See MIT-LICENSE.txt for details.