Project

sanitized

0.0
No release in over 3 years
An elegant solution for sanitizing user input. Cleaning & reformatting user data is a necessary chore for all developers; but it no longer needs to be time-consuming! The Sanitized suite of helpers allow you to quickly sanitize any ActiveRecord attribute, and easily add your own custom code to catch those edge cases. It will save you a surprisingly large amount of time!
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies

Runtime

>= 5.0.0.beta1
 Project Readme
Main Branch Dev Branch
ruby 3.3 ruby 3.3
ruby 3.2 ruby 3.2
ruby 3.1 ruby 3.1
ruby 3.0 ruby 3.0
ruby 2.7 ruby 2.7
ruby 2.6 ruby 2.6
ruby 2.5 ruby 2.5
 
License: MIT License: MIT
Gem Version Gem Version
100% Coverage 100% Coverage

Index

  • Description
  • Requirements
  • Installation
  • ChangeLog
  • Sanitized::String
  • Sanitized::Decimal
  • Sanitized::Float
  • Sanitized::Integer
  • Sanitized::BigInteger
  • Sanitized::DateTime
  • Custom Code
  • Contributing
  • Security Policy
  • Code of Conduct
  • License

Never trust user input - EVER!

Before validating input, it's common practice to sanitize it; removing leading and trailing spaces, downcasing emails, reducing multiple spaces between names to a single space, etc.

Sanitized simplifies the process of cleaning input data, significantly reducing the callbacks and custom methods normally used to handle the issue.

As a suite of ActiveModel::Type helpers, Sanitized applies the selected options every time, even when skipping validations, callbacks or directly setting with :update_columns.

The built-in options are mapped direct to the standard Ruby and ActiveSupport context methods for String, Integer, Float, etc.

And because every application is original, helpers are easily extended with your own custom code, for those unique edge cases you need to catch.


Requirements

  • Ruby 2.5+
  • ActiveRecord 5.0+

Installation

Add this line to your Gemfile:

gem 'sanitized'


ChangeLog

All changes can be found in the ChangeLog file.


Sanitized::String

This example sanitizes a string by removing all whitespace at the beginning & end of the sting, reducing multiple whitespace in the middle to a single space, and changing everything to lower case.

class User < ActiveRecord::Base
  attribute :name, Sanitized::String.new(:squish, :downcase)
end

user = User.new(name: "  Code    Meister \n")
user.name  #=> "code meister"

Options

All options that change the string's case are mutually exclusive. For example, you cannot use :downcase and :upcase at the same time.

  • :capitalize
  • :camelcase
  • :camelize
  • :chomp
  • :dasherize
  • :downcase
  • :humanize
  • :lstrip
  • :parameterize
  • :rstrip
  • :singularize
  • :squish
  • :strip
  • :swapcase
  • :titlecase
  • :titleize
  • :underscore
  • :upcase
  • :upcase_first

Sanitized::Decimal

This example sanitizes a Decimal by truncating it to 0 decimal places.

class User < ActiveRecord::Base
  attribute :age, Sanitized::Decimal.new(:truncate)
end

user = User.new(age: 13.75)
user.age  #=> 13

Options

Both :ceil and :floor are mutually exclusive, as are :abs and :magnitude.

  • :abs
  • :ceil
  • :floor
  • :magnitude
  • :truncate

Sanitized::Float

This example sanitizes a Float by ensuring its absolute value.

class User < ActiveRecord::Base
  attribute :age, Sanitized::Float.new(:abs)
end

user = User.new(age: -23)
user.age  #=> 23

Options

Both :ceil and :floor are mutually exclusive, as are :abs and :magnitude.

  • :abs
  • :ceil
  • :floor
  • :magnitude
  • :truncate

Sanitized::Integer

This example sanitizes an Integer by ensuring its absolute value.

class User < ActiveRecord::Base
  attribute :age, Sanitized::Integer.new(:abs)
end

user = User.new(age: -23)
user.age  #=> 23

Standard Options

  • :abs

Sanitized::BigInteger

This example sanitizes an BigInteger by ensuring its absolute value.

class User < ActiveRecord::Base
  attribute :age, Sanitized::BigInteger.new(:abs)
end

user = User.new(age: -23)
user.age  #=> 23

Options

  • :abs

Sanitized::DateTime

This example sanitizes a DateTime by setting it to the beginning of the month.

class User < ActiveRecord::Base
  attribute :event_at, Sanitized::DateTime.new(:beginning_of_month)
end

user = User.new(event_at: DateTime.new(2001,2,3,4,5,6))
user.event_at.to_s  #=> "Thu, 01 Feb 2001 00:00:00"

Options

All option are mutually exclusive, so only one may be used at any time.

  • :at_beginning_of_day
  • :at_beginning_of_hour
  • :at_beginning_of_minute
  • :at_beginning_of_month
  • :at_beginning_of_quarter
  • :at_beginning_of_week
  • :at_beginning_of_year
  • :at_end_of_day
  • :at_end_of_hour
  • :at_end_of_minute
  • :at_end_of_month
  • :at_end_of_quarter
  • :at_end_of_week
  • :at_end_of_year
  • :at_midday
  • :at_middle_of_day
  • :at_midnight
  • :at_noon
  • :beginning_of_day
  • :beginning_of_hour
  • :beginning_of_minute
  • :beginning_of_month
  • :beginning_of_quarter
  • :beginning_of_week
  • :beginning_of_year
  • :end_of_month
  • :end_of_quarter
  • :end_of_week
  • :end_of_year
  • :end_of_day
  • :end_of_hour
  • :end_of_minute
  • :midday
  • :middle_of_day
  • :midnight
  • :noon

Custom Code

You can add you own custom code by passing in a block:

class User < ActiveRecord::Base
  name_sanitizer = Sanitized::String.new(:squash, :downcase) do |name|
    if name == 'codemeister'
      'Godzilla'
    else
      name
    end
  end

  attribute :name, name_sanitizer
end

user = User.new(name: "  CodeMeister  ")
user.name  #=> "Godzilla"
user.save  
user.name  #=> 'godzilla'

GOTCHA'S

  1. The custom code is run after any options are applied. So, as in the example above, even through the option was to :downcase the custom block returned a capitalized string.

  2. The custom code MUST be idempotent. The sanitation is run each time an attribute is set or the model is updated. In the example above, the sanitizer is run both on assigning the value and on saving the record.


Contributing

  • Security issues
  • Reporting issues
  • Pull requests

In all cases please respect our Contributor Code of Conduct.

Security issues

If you have found a security related issue, please follow our Security Policy.

Reporting issues

Please try to answer the following questions in your bug report:

  • What did you do?
  • What did you expect to happen?
  • What happened instead?

Make sure to include as much relevant information as possible, including:

  • Ruby version.
  • Sanitized version.
  • ActiveModel version.
  • ActiveRecord version.
  • OS version.
  • The steps needed to replicate the issue.
  • Any stack traces you have are very valuable.

Pull Requests

We encourage contributions via GitHub pull requests.

Our Developer Guide details how to fork the project; get it running locally; run the tests; ensure 100% coverage; check the documentation; check your style; and submit a pull request.


Code of Conduct

We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.

Read the full details in our Contributor Code of Conduct.


License

The MIT License (MIT)

Copyright (c) 2021 CodeMeister

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.