concerns_on_rails 1.11.2 → 1.12.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9eb1080168652222770c2ea933745175091c64599ea39e309220a9be8b241b1c
-  data.tar.gz: f39962ffb8a0e359d2137f1df9440be0a58a17d8c05d78181ba17d2ae1d0433b
+  metadata.gz: 56664d3e955f53dbeec1d586c31b57c860a208cedff76990236a728de1c6f9ec
+  data.tar.gz: 6a427597a32d8a2d848d2f51ed9cf45d6a3ea41dd9ea77c2b215b4a66846170e
 SHA512:
-  metadata.gz: ee0491e22fe01259415dbc266d19b9a2e966c53e9f0a0b3acded0aa5dd60e2e7085faeeff0b7995e6d6e1849612f1611a551bd2dbb5837f2757cb0de25ebfb72
-  data.tar.gz: 6297b08086c0b8417eff076393d725e40d6e469780fb8d60e5525a1b3a3a53d57fa44a6e90457f4625a7ed7012494cb80d385e5138c8b6e8b7d4836e0ed79cdd
+  metadata.gz: b34bc02259d6a33a0d1fa1dac2f2e71473cc543515df2088766b736eed4cdc8e9925616cca6397a5318d22bdcafbf910e8bea6ea9f93e1de4746613f3aa747b2
+  data.tar.gz: 52e3f5a2dda49da303b118a4962ca479bb43b628d363ff133c23939fc523235a01065441cea4002dccd33130ace25149da275ddb9839dc864b2e442377f88a28

data/CHANGELOG.md

@@ -1,5 +1,16 @@
 <!-- CHANGELOG.md -->
 
+## 1.12.1 (2026-06-06)
+
+### Added
+- **Models::Sanitizable**: opt-in HTML sanitization for string attributes — defense-in-depth on top of Rails' default output escaping (not a replacement for it). `sanitizable :body, with: :safe_list` is **non-destructive by default** (`on: :read`): it adds a `sanitized_<field>` reader and leaves the stored column raw. `on: :write` is an explicit, lossy opt-in that overwrites the column in `before_validation` (so presence/length validations see the cleaned value). Presets: `:strip` (remove all tags), `:safe_list` (Rails' allow-list), `:no_links`, `:none`, plus custom `Array` / `Hash` (`{ tags:, attributes: }`) allow-lists and a `Proc` escape hatch. Schema-checked via `ColumnGuard`. Zero new runtime dependencies.
+- **Controllers::SecureHeadable**: modern security response headers + a thin delegation to Rails' native Content-Security-Policy DSL. `secure_headers :nosniff, :sameorigin_frame, :no_referrer_leak, :no_cross_domain, :disable_legacy_xss` (and custom `"Header-Name" => "value"` pairs), applied in an `after_action`. `content_security_policy_for(report_only:, only:, except:, …, &block)` forwards straight to Rails. Ships `X-XSS-Protection: 0` (the only correct modern value) and deliberately does **not** scrub params. Zero new runtime dependencies.
+- **Support::HtmlSanitizers**: shared, lazily-memoized, feature-detected (HTML5/HTML4) `FullSanitizer` / `SafeListSanitizer` / `LinkSanitizer` instances backing `Models::Sanitizable`, reusing the `rails-html-sanitizer` that already ships with Action View.
+
+### Notes
+- All changes are additive and backward-compatible. `ConcernsOnRails::Sanitizable` is aliased to `Models::Sanitizable`; the controller concern stays namespace-only (`ConcernsOnRails::Controllers::SecureHeadable`), matching the existing controller concerns.
+- These features were first tagged as `1.12.0`, but that tag's CI lint failed before the RubyGems publish step, so it was never released. `1.12.1` is the first published version carrying them.
+
 ## 1.11.2 (2026-06-06)
 
 ### Added

data/README.md

@@ -40,6 +40,7 @@ Article.published.without_deleted.find("hello-world")
   - [Stateable](#-stateable) — lightweight string-backed state machine
   - [Addressable](#-addressable) — postal address normalization + format validation
   - [Taggable](#-taggable) — lightweight tagging over a single column
+  - [Sanitizable](#-sanitizable) — opt-in HTML sanitization (XSS defense-in-depth)
 - **Controller concerns**
   - [Paginatable](#-paginatable) — offset pagination with headers
   - [Filterable](#-filterable) — declarative URL-param filters
@@ -47,6 +48,7 @@ Article.published.without_deleted.find("hello-world")
   - [Respondable](#-respondable) — standardized JSON envelopes
   - [ErrorHandleable](#-errorhandleable) — JSON `rescue_from` handlers for common controller errors
   - [Includable](#-includable) — whitelisted association sideloading + sparse fieldsets
+  - [SecureHeadable](#-secureheadable) — security response headers + native CSP DSL
 - [Module paths & namespacing](#-module-paths--namespacing)
 - [Development](#-development)
 - [Contributing](#-contributing)
@@ -56,7 +58,7 @@ Article.published.without_deleted.find("hello-world")
 
 ## ✨ Why this gem?
 
-- **Fifteen model concerns + six controller concerns**, all production-ready
+- **Sixteen model concerns + seven controller concerns**, all production-ready
 - **One include, one macro** — no boilerplate, no glue code
 - **Lean dependencies** — only `acts_as_list` (Sortable) and `friendly_id` (Sluggable); controller concerns have zero extra deps
 - **Schema-validated configuration** — every macro checks that the configured column exists and raises `ArgumentError` early
@@ -827,6 +829,48 @@ Article.all_tags                               # => sorted unique tags in use
 
 ---
 
+## 🧼 Sanitizable
+
+Opt-in HTML sanitization for string attributes — **defense-in-depth, not a replacement for Rails' default output escaping** (`<%= %>` already escapes). Reach for it on the rare column you render as trusted HTML (`raw` / `html_safe`) or that must stay plain text. Zero extra dependencies — it uses the `rails-html-sanitizer` that already ships with Action View.
+
+```ruby
+class Article < ApplicationRecord
+  include ConcernsOnRails::Sanitizable
+
+  # DEFAULT (on: :read) — non-destructive. The column stays raw; a
+  # `sanitized_<field>` reader returns the cleaned value:
+  sanitizable :body, with: :safe_list            # => article.sanitized_body
+  sanitizable :summary, with: :strip             # => article.sanitized_summary
+  sanitizable :body, with: { tags: %w[b i a], attributes: %w[href] }
+
+  # EXPLICIT destructive opt-in — for plain-text-only columns only:
+  sanitizable :title, with: :strip, on: :write   # overwrites in before_validation
+end
+
+article = Article.new(body: "<b>Hi</b><script>alert(1)</script>")
+article.body            # => "<b>Hi</b><script>alert(1)</script>"  (raw, intact)
+article.sanitized_body  # => "<b>Hi</b>alert(1)"                    (script tag dropped)
+```
+
+**Presets** (`with:`)
+
+| Preset       | Behavior                                                               |
+|--------------|------------------------------------------------------------------------|
+| `:strip`     | Remove all tags, keep inner text (the default).                        |
+| `:safe_list` | Rails' allow-list: keep formatting tags, drop `<script>` / `<iframe>`. |
+| `:no_links`  | Strip only `<a>` tags, keep their text.                                |
+| `:none`      | No-op (declare the field / reader without transforming).               |
+| `Array`      | Custom tag allow-list, e.g. `with: %w[b i a]`.                         |
+| `Hash`       | `{ tags: [...], attributes: [...] }` allow-list.                       |
+| `Proc`       | Used as-is (you own the non-String guard).                             |
+
+**Notes**
+- `on: :read` (default) is **non-destructive**: it adds a `sanitized_<field>` reader and leaves the stored column untouched.
+- `on: :write` overwrites the column in `before_validation` — **lossy and irreversible** (never use it on code, Markdown, math, or prices), and bypassed by `update_column` / `update_all` / raw SQL.
+- For full user-authored rich text, prefer [Action Text](https://guides.rubyonrails.org/action_text_overview.html).
+
+---
+
 # 🎮 Controller Concerns
 
 Pure ActionController + ActiveRecord — **zero extra runtime dependencies** (no Kaminari, Pundit, or Ransack).
@@ -1050,6 +1094,46 @@ GET /articles?include=author,comments&fields[articles]=id,title&fields[authors]=
 
 ---
 
+## 🛡️ SecureHeadable
+
+Modern security response headers + a thin wrapper over Rails' native Content-Security-Policy DSL. Defense-in-depth on top of output escaping — it does **not** scrub request params and never re-enables the deprecated X-XSS-Protection auditor. Zero extra dependencies.
+
+```ruby
+class ApplicationController < ActionController::Base
+  include ConcernsOnRails::Controllers::SecureHeadable
+
+  # Preset headers, plus any custom "Header-Name" => "value" pairs:
+  secure_headers :nosniff, :sameorigin_frame, :no_referrer_leak, :disable_legacy_xss
+  secure_headers "Permissions-Policy" => "geolocation=()"
+
+  # Delegates to Rails' native CSP DSL — roll out report-only FIRST:
+  content_security_policy_for(report_only: true) do |policy|
+    policy.default_src :self
+    policy.script_src  :self
+    policy.object_src  :none
+  end
+end
+```
+
+**Header presets** (`secure_headers`)
+
+| Preset                | Header                                                 |
+|-----------------------|--------------------------------------------------------|
+| `:nosniff`            | `X-Content-Type-Options: nosniff`                      |
+| `:sameorigin_frame`   | `X-Frame-Options: SAMEORIGIN`                          |
+| `:deny_frame`         | `X-Frame-Options: DENY`                                |
+| `:no_referrer_leak`   | `Referrer-Policy: strict-origin-when-cross-origin`     |
+| `:no_cross_domain`    | `X-Permitted-Cross-Domain-Policies: none`              |
+| `:disable_legacy_xss` | `X-XSS-Protection: 0` (the only correct modern value)  |
+
+**Notes**
+- Headers are applied in an `after_action`, so they reinforce Rails' middleware defaults; later `secure_headers` declarations win on a colliding name.
+- `content_security_policy_for` forwards `report_only:` and per-action `only:` / `except:` / `if:` / `unless:` straight to Rails — it never re-implements CSP. Per-controller CSP overrides the global initializer for that controller.
+- CSP nonce generation (`content_security_policy_nonce_generator`) is app-wide initializer config and intentionally stays out of the concern.
+- These headers mitigate clickjacking / MIME-sniffing and (via CSP) XSS as **defense-in-depth** — output escaping remains the primary defense.
+
+---
+
 ## 🗂️ Module paths & namespacing
 
 Every concern is available under two paths:

data/lib/concerns_on_rails/controllers/secure_headable.rb

@@ -0,0 +1,105 @@
+require "active_support/concern"
+
+module ConcernsOnRails
+  module Controllers
+    # Adds modern security response headers and wires Rails' native
+    # Content-Security-Policy DSL. Defense-in-depth on top of output escaping —
+    # this does NOT scrub request params (context-blind and lossy) and never
+    # re-enables the deprecated X-XSS-Protection auditor.
+    #
+    #   class ApplicationController < ActionController::Base
+    #     include ConcernsOnRails::Controllers::SecureHeadable
+    #
+    #     # Apply preset headers, plus any custom "Header-Name" => "value" pairs:
+    #     secure_headers :nosniff, :sameorigin_frame, :no_referrer_leak, :disable_legacy_xss
+    #     secure_headers "Permissions-Policy" => "geolocation=()"
+    #
+    #     # Delegates to Rails' native CSP DSL — roll out report-only FIRST:
+    #     content_security_policy_for(report_only: true) do |policy|
+    #       policy.default_src :self
+    #       policy.script_src  :self
+    #       policy.object_src  :none
+    #     end
+    #   end
+    #
+    # The headers mitigate clickjacking / MIME-sniffing and (via CSP) XSS as
+    # defense-in-depth — they are NOT a standalone XSS fix; output escaping
+    # remains the primary defense. Per-controller CSP overrides the global
+    # initializer for that controller. CSP nonce generation
+    # (content_security_policy_nonce_generator / _nonce_directives) is app-wide
+    # initializer configuration and intentionally stays out of this concern.
+    #
+    # Header presets (the `secure_headers` arguments):
+    #   :nosniff            — X-Content-Type-Options: nosniff
+    #   :sameorigin_frame   — X-Frame-Options: SAMEORIGIN
+    #   :deny_frame         — X-Frame-Options: DENY
+    #   :no_referrer_leak   — Referrer-Policy: strict-origin-when-cross-origin
+    #   :no_cross_domain    — X-Permitted-Cross-Domain-Policies: none
+    #   :disable_legacy_xss — X-XSS-Protection: 0 (the only correct modern value)
+    module SecureHeadable
+      extend ActiveSupport::Concern
+
+      # Frozen, string-only header presets, each "Header-Name" => "value".
+      # :disable_legacy_xss emits "0" deliberately — the legacy browser XSS
+      # auditor was itself exploitable and is gone from modern browsers
+      # (Rails 7+ ships "0"), so "0" is the only correct value.
+      PRESETS = {
+        nosniff: %w[X-Content-Type-Options nosniff],
+        sameorigin_frame: %w[X-Frame-Options SAMEORIGIN],
+        deny_frame: %w[X-Frame-Options DENY],
+        no_referrer_leak: %w[Referrer-Policy strict-origin-when-cross-origin],
+        no_cross_domain: %w[X-Permitted-Cross-Domain-Policies none],
+        disable_legacy_xss: %w[X-XSS-Protection 0]
+      }.freeze
+
+      included do
+        class_attribute :secure_headable_headers, instance_accessor: false, default: {}
+        # after_action (not before) so the headers survive render and reinforce
+        # Rails' middleware defaults when a name collides.
+        after_action :apply_secure_headers
+      end
+
+      class_methods do
+        # Register preset headers (by symbol) plus optional custom
+        # "Header-Name" => "value" pairs. Later declarations win on collision.
+        def secure_headers(*presets, **custom)
+          resolved = presets.to_h do |key|
+            PRESETS.fetch(key) do
+              raise ArgumentError,
+                    "ConcernsOnRails::Controllers::SecureHeadable: unknown preset '#{key}'. " \
+                    "Valid presets: #{PRESETS.keys.join(', ')}"
+            end
+          end
+
+          self.secure_headable_headers =
+            secure_headable_headers.merge(resolved).merge(custom.transform_keys(&:to_s))
+        end
+
+        # Thin pass-through to Rails' native CSP DSL — never re-implement CSP.
+        # Forwards per-action conditions (only: / except: / if: / unless:) and
+        # the policy block straight through.
+        def content_security_policy_for(report_only: false, **action_opts, &block)
+          unless respond_to?(:content_security_policy)
+            raise ArgumentError,
+                  "ConcernsOnRails::Controllers::SecureHeadable: CSP requires " \
+                  "ActionController::ContentSecurityPolicy (Rails 5.2+)"
+          end
+
+          if report_only
+            content_security_policy_report_only(true, **action_opts, &block)
+          else
+            content_security_policy(**action_opts, &block)
+          end
+        end
+      end
+
+      # Public so subclasses can override; guarded exactly like Paginatable so
+      # it no-ops cleanly when there is no response object.
+      def apply_secure_headers
+        return unless respond_to?(:response) && response
+
+        self.class.secure_headable_headers.each { |name, value| response.set_header(name, value) }
+      end
+    end
+  end
+end

data/lib/concerns_on_rails/legacy_aliases.rb

@@ -17,4 +17,5 @@ module ConcernsOnRails
   Addressable   = Models::Addressable
   Sequenceable  = Models::Sequenceable
   Taggable      = Models::Taggable
+  Sanitizable   = Models::Sanitizable
 end

data/lib/concerns_on_rails/models/sanitizable.rb

@@ -0,0 +1,148 @@
+require "active_support/concern"
+require "concerns_on_rails/support/html_sanitizers"
+
+module ConcernsOnRails
+  module Models
+    # Opt-in HTML sanitization for string attributes — defense-in-depth, NOT a
+    # substitute for Rails' default output escaping.
+    #
+    # ESCAPE-FIRST: Rails already HTML-escapes `<%= record.body %>` via
+    # SafeBuffer, so for ordinary columns you need nothing here. Reach for this
+    # concern only for the rare column you render as trusted HTML
+    # (`raw` / `html_safe`) or that must be kept plain text. For full
+    # user-authored rich text, prefer Action Text.
+    #
+    #   class Article < ApplicationRecord
+    #     include ConcernsOnRails::Models::Sanitizable
+    #
+    #     # DEFAULT (on: :read) — non-destructive. The stored column stays raw;
+    #     # a `sanitized_<field>` reader returns the cleaned value:
+    #     sanitizable :body, with: :safe_list           # => article.sanitized_body
+    #     sanitizable :summary, with: :strip            # => article.sanitized_summary
+    #     sanitizable :body, with: { tags: %w[b i a], attributes: %w[href] }
+    #
+    #     # EXPLICIT destructive opt-in — for plain-text-only columns only:
+    #     sanitizable :title, with: :strip, on: :write  # overwrites in before_validation
+    #   end
+    #
+    # WARNING: `on: :write` is lossy and irreversible — never use it on code,
+    # Markdown, math, or anything where `<` / `>` are legitimate. It is also
+    # bypassed by `update_column` / `update_all` / raw SQL, which skip
+    # callbacks. The non-destructive `on: :read` default is preferred.
+    #
+    # Presets (the `with:` argument):
+    #   :strip      — remove all tags, keep inner text (the default)
+    #   :safe_list  — Rails' allow-list: keep formatting tags, drop <script> etc.
+    #   :no_links   — strip only <a> tags, keep their text
+    #   :none       — no-op (declare the field / reader without transforming)
+    #   Array       — custom tag allow-list, e.g. with: %w[b i a]
+    #   Hash        — { tags: [...], attributes: [...] } allow-list
+    #   Proc        — used as-is (the caller owns the non-String guard)
+    module Sanitizable
+      extend ActiveSupport::Concern
+
+      # Frozen, string-safe lambdas — non-String values pass through untouched,
+      # exactly like Normalizable::PRESETS. Each resolves its sanitizer through
+      # the shared Support helper (fully qualified, so there is no lexical-scope
+      # dependency and libgumbo is probed once, not per access) and always
+      # returns a plain String via #to_s, so a SafeBuffer is never persisted.
+      PRESETS = {
+        strip: ->(v) { v.is_a?(String) ? ConcernsOnRails::Support::HtmlSanitizers.full.sanitize(v).to_s : v },
+        safe_list: ->(v) { v.is_a?(String) ? ConcernsOnRails::Support::HtmlSanitizers.safe.sanitize(v).to_s : v },
+        no_links: ->(v) { v.is_a?(String) ? ConcernsOnRails::Support::HtmlSanitizers.link.sanitize(v).to_s : v },
+        none: ->(v) { v }
+      }.freeze
+
+      included do
+        # field => { sanitizer: <lambda>, on: :read|:write }
+        class_attribute :sanitizable_rules, instance_accessor: false, default: {}
+        before_validation :apply_sanitizations
+      end
+
+      class_methods do
+        include ConcernsOnRails::Support::ColumnGuard
+
+        # Declare which string fields to sanitize, how, and when.
+        #   sanitizable :body, with: :safe_list           # non-destructive reader
+        #   sanitizable :title, with: :strip, on: :write  # destructive overwrite
+        def sanitizable(*fields, with: :strip, on: :read)
+          raise ArgumentError, "ConcernsOnRails::Models::Sanitizable: at least one field is required" if fields.empty?
+
+          unless %i[read write].include?(on)
+            raise ArgumentError,
+                  "ConcernsOnRails::Models::Sanitizable: :on must be :read or :write, got #{on.inspect}"
+          end
+
+          sanitizer = resolve_sanitizer(with)
+          ensure_columns!("ConcernsOnRails::Models::Sanitizable", fields)
+
+          fields.each do |field|
+            key = field.to_sym
+            self.sanitizable_rules = sanitizable_rules.merge(key => { sanitizer: sanitizer, on: on })
+
+            # Non-destructive default: a clean reader, with the raw column intact.
+            define_method("sanitized_#{field}") { sanitizer.call(self[key]) } if on == :read
+          end
+        end
+      end
+
+      class_methods do # rubocop:disable Metrics/BlockLength
+        private
+
+        # Accepts a preset Symbol, a Proc (used as-is), an Array (custom tags
+        # allow-list), or a Hash with :tags / :attributes.
+        def resolve_sanitizer(with)
+          case with
+          when Symbol then preset_sanitizer(with)
+          when Proc   then with
+          when Array  then allowlist_sanitizer(tags: with.map(&:to_s))
+          when Hash   then hash_allowlist_sanitizer(with)
+          else
+            raise ArgumentError,
+                  "ConcernsOnRails::Models::Sanitizable: :with must be a preset symbol, an allow-list " \
+                  "(Array or Hash), or a Proc/lambda, got #{with.class}"
+          end
+        end
+
+        def preset_sanitizer(name)
+          PRESETS.fetch(name) do
+            raise ArgumentError,
+                  "ConcernsOnRails::Models::Sanitizable: unknown preset '#{name}'. " \
+                  "Valid presets: #{PRESETS.keys.join(', ')}"
+          end
+        end
+
+        def hash_allowlist_sanitizer(opts)
+          unknown = opts.keys - %i[tags attributes]
+          unless unknown.empty?
+            raise ArgumentError,
+                  "ConcernsOnRails::Models::Sanitizable: allow-list keys must be :tags / :attributes, got #{unknown.inspect}"
+          end
+
+          allowlist_sanitizer(tags: opts[:tags]&.map(&:to_s), attributes: opts[:attributes]&.map(&:to_s))
+        end
+
+        # Builds a SafeListSanitizer lambda restricted to the given tags/attributes.
+        def allowlist_sanitizer(tags: nil, attributes: nil)
+          options = {}
+          options[:tags] = tags if tags
+          options[:attributes] = attributes if attributes
+          ->(v) { v.is_a?(String) ? ConcernsOnRails::Support::HtmlSanitizers.safe.sanitize(v, **options).to_s : v }
+        end
+      end
+
+      # Only fields declared with on: :write are mutated; on: :read fields keep
+      # their raw column value and are exposed through their sanitized_ reader.
+      def apply_sanitizations
+        self.class.sanitizable_rules.each do |field, rule|
+          next unless rule[:on] == :write
+
+          value = self[field]
+          next if value.nil?
+
+          self[field] = rule[:sanitizer].call(value) # plain String, never a SafeBuffer
+        end
+      end
+    end
+  end
+end

data/lib/concerns_on_rails/support/html_sanitizers.rb

@@ -0,0 +1,63 @@
+require "active_support/concern"
+
+begin
+  require "rails-html-sanitizer"
+rescue LoadError
+  # rails-html-sanitizer ships transitively via actionview in every Rails app
+  # (actionview -> rails-html-sanitizer -> loofah), so this require is purely
+  # defensive for the rare host that pins an unusually old actionview. If the
+  # library is genuinely absent, referencing a sanitizer below raises a clear
+  # NameError at first use rather than at gem load.
+end
+
+module ConcernsOnRails
+  module Support
+    # Memoized, feature-detected HTML sanitizer instances shared by the
+    # sanitizing concerns (currently Models::Sanitizable).
+    #
+    # Picks the HTML5 parser (Rails::HTML5::*, the default since Rails 7.1, so
+    # it matches the host app's own ActionView sanitize/strip_tags output) when
+    # the platform supports it, and otherwise falls back to HTML4 (libgumbo /
+    # HTML5 is unavailable on JRuby) — mirroring Rails core.
+    #
+    # The namespace decision and each sanitizer are built lazily on first use,
+    # so libgumbo / ActionView is never probed at file-load time, and the
+    # instances are reused (they are thread-safe for #sanitize) rather than
+    # re-allocated per attribute access.
+    #
+    # We reference Rails::HTML5 / Rails::HTML4 explicitly: the bare
+    # Rails::HTML::* aliases silently resolve to the HTML4 implementation.
+    module HtmlSanitizers
+      module_function
+
+      def namespace
+        @namespace ||=
+          if defined?(Rails::HTML::Sanitizer) &&
+             Rails::HTML::Sanitizer.respond_to?(:html5_support?) &&
+             Rails::HTML::Sanitizer.html5_support?
+            Rails::HTML5
+          else
+            Rails::HTML4
+          end
+      end
+
+      # Removes every tag, keeping the inner text. The safe default and the
+      # only sanitizer appropriate for a destructive write (it cannot
+      # reintroduce markup).
+      def full
+        @full ||= namespace::FullSanitizer.new
+      end
+
+      # Rails' curated allow-list: keeps formatting tags (em / strong / a / p…),
+      # drops <script> / <iframe>, and neutralizes javascript: URLs.
+      def safe
+        @safe ||= namespace::SafeListSanitizer.new
+      end
+
+      # Strips only <a> tags, keeping their visible text and other markup.
+      def link
+        @link ||= namespace::LinkSanitizer.new
+      end
+    end
+  end
+end

data/lib/concerns_on_rails/version.rb

@@ -1,3 +1,3 @@
 module ConcernsOnRails
-  VERSION = "1.11.2".freeze
+  VERSION = "1.12.1".freeze
 end

data/lib/concerns_on_rails.rb

@@ -12,6 +12,7 @@ require "concerns_on_rails/support/column_guard"
 require "concerns_on_rails/support/random_value"
 require "concerns_on_rails/support/address_data"
 require "concerns_on_rails/support/sequence_calculator"
+require "concerns_on_rails/support/html_sanitizers"
 
 # Model concerns
 require "concerns_on_rails/models/sluggable"
@@ -29,6 +30,7 @@ require "concerns_on_rails/models/stateable"
 require "concerns_on_rails/models/addressable"
 require "concerns_on_rails/models/sequenceable"
 require "concerns_on_rails/models/taggable"
+require "concerns_on_rails/models/sanitizable"
 
 # Controller concerns
 require "concerns_on_rails/controllers/paginatable"
@@ -37,6 +39,7 @@ require "concerns_on_rails/controllers/sortable"
 require "concerns_on_rails/controllers/respondable"
 require "concerns_on_rails/controllers/error_handleable"
 require "concerns_on_rails/controllers/includable"
+require "concerns_on_rails/controllers/secure_headable"
 
 # Backwards compatibility (top-level aliases for pre-1.6 module paths)
 require "concerns_on_rails/legacy_aliases"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: concerns_on_rails
 version: !ruby/object:Gem::Version
-  version: 1.11.2
+  version: 1.12.1
 platform: ruby
 authors:
 - Ethan Nguyen
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-06-05 00:00:00.000000000 Z
+date: 2026-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -75,6 +75,7 @@ files:
 - lib/concerns_on_rails/controllers/includable.rb
 - lib/concerns_on_rails/controllers/paginatable.rb
 - lib/concerns_on_rails/controllers/respondable.rb
+- lib/concerns_on_rails/controllers/secure_headable.rb
 - lib/concerns_on_rails/controllers/sortable.rb
 - lib/concerns_on_rails/legacy_aliases.rb
 - lib/concerns_on_rails/models/activatable.rb
@@ -83,6 +84,7 @@ files:
 - lib/concerns_on_rails/models/hashable.rb
 - lib/concerns_on_rails/models/normalizable.rb
 - lib/concerns_on_rails/models/publishable.rb
+- lib/concerns_on_rails/models/sanitizable.rb
 - lib/concerns_on_rails/models/schedulable.rb
 - lib/concerns_on_rails/models/searchable.rb
 - lib/concerns_on_rails/models/sequenceable.rb
@@ -94,6 +96,7 @@ files:
 - lib/concerns_on_rails/models/tokenizable.rb
 - lib/concerns_on_rails/support/address_data.rb
 - lib/concerns_on_rails/support/column_guard.rb
+- lib/concerns_on_rails/support/html_sanitizers.rb
 - lib/concerns_on_rails/support/random_value.rb
 - lib/concerns_on_rails/support/sequence_calculator.rb
 - lib/concerns_on_rails/version.rb