xss_terminate 0.1

data/lib/rails_sanitize.rb

@@ -0,0 +1,12 @@
+require 'action_pack/version'
+
+# This class exists so including the Rails HTML sanitization helpers doesn't pollute your models.
+#module XssTerminate
+  class RailsSanitize
+    if ActionPack::VERSION::MINOR >= 2 # Rails 2.2+
+      extend ActionView::Helpers::SanitizeHelper::ClassMethods
+    else # Rails 2.1 or earlier (note: xss_terminate does not support Rails 1.x)
+      include ActionView::Helpers::SanitizeHelper
+    end
+  end
+#end

data/lib/xss_terminate/version.rb

@@ -0,0 +1,3 @@
+module XssTerminate
+  VERSION = "0.1"
+end

data/lib/xss_terminate.rb

@@ -0,0 +1,57 @@
+require "rails_sanitize"
+require "html5"
+require "html5lib_sanitize"
+
+module XssTerminate
+  def self.included(base)
+    base.extend(ClassMethods)
+    # sets up default of stripping tags for all fields
+    # base.send(:xss_terminate)
+  end
+
+  module ClassMethods
+    def xss_terminate(options = {})
+      before_validation :sanitize_fields
+
+      class_attribute :xss_terminate_options
+      self.xss_terminate_options = {
+        :except => (options[:except] || []),
+        :html5lib_sanitize => (options[:html5lib_sanitize] || []),
+        :sanitize => (options[:sanitize] || [])
+      }
+
+      include XssTerminate::InstanceMethods
+    end
+  end
+
+  module InstanceMethods
+
+    def sanitize_fields
+      # fix a bug with Rails internal AR::Base models that get loaded before
+      # the plugin, like CGI::Sessions::ActiveRecordStore::Session
+      return if xss_terminate_options.nil?
+
+      self.class.columns.each do |column|
+        next unless (column.type == :string || column.type == :text)
+
+        field = column.name.to_sym
+        value = self[field]
+
+        next if value.nil? || !value.is_a?(String)
+
+        if xss_terminate_options[:except].include?(field)
+          next
+        elsif xss_terminate_options[:html5lib_sanitize].include?(field)
+          self[field] = HTML5libSanitize.new.sanitize_html(value)
+        elsif xss_terminate_options[:sanitize].include?(field)
+          self[field] = RailsSanitize.white_list_sanitizer.sanitize(value)
+        else
+          self[field] = RailsSanitize.full_sanitizer.sanitize(value)
+        end
+      end
+
+    end
+  end
+end
+
+ActiveRecord::Base.send(:include, XssTerminate)

metadata

@@ -0,0 +1,53 @@
+--- !ruby/object:Gem::Specification
+name: xss_terminate
+version: !ruby/object:Gem::Version
+  version: '0.1'
+  prerelease: 
+platform: ruby
+authors:
+- Railscode
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2012-05-19 00:00:00.000000000 Z
+dependencies: []
+description: XssTerminate for Rails 3.2
+email:
+- railscode@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- lib/rails_sanitize.rb
+- lib/xss_terminate.rb
+- lib/html5lib_sanitize.rb
+- lib/xss_terminate/version.rb
+- LICENSE
+- README.md
+- CHANGELOG.md
+- ROADMAP.md
+homepage: http://github.com/vav/xss_terminate
+licenses: []
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: 1.3.6
+requirements: []
+rubyforge_project: xss_terminate
+rubygems_version: 1.8.19
+signing_key: 
+specification_version: 3
+summary: XssTerminate
+test_files: []