What does sanitize mean in Rails?
I'm reading through the documentation for CanCanCan. It says:
When using strong_parameters or Rails 4+, you have to sanitize inputs before saving the record, in actions such as :create and :update.
Then, per the documentation, it requires adding the below:

load_and_authorize_resource param_method: :my_sanitizer

def my_sanitizer
  # allowlist of the attributes a request may set on the record
  params.require(:article).permit(:name)
end
Source: https://github.com/CanCanCommunity/cancancan
I've also seen sanitize in the area of SQL queries.
What does sanitize actually mean? Does it just mean to allow something?
Upvotes: 5
Views: 14299
The SanitizeHelper module provides a set of methods for scrubbing text of undesired HTML elements. These helper methods extend Action View, making them callable within your template files.
data = data.html_safe

will just mark the string data as html_safe and treat it as such afterwards. From the docs: "Marks a string as trusted safe. It will be inserted into HTML with no additional escaping performed. It is your responsibility to ensure that the string contains no malicious content. This method is equivalent to the raw helper in views. It is recommended that you use sanitize instead of this method. It should never be called on user input."
Have a look at the official API doc for the Action View sanitize helper.
Upvotes: 6
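To make the three meanings of "sanitize" on this page concrete, here is an added Ruby example. It is not code from the question, the answer, Rails or CanCanCan: permit_params, quote_sql, bind_sql, html_escape and sanitize_html are hypothetical stand-ins whose behaviour only approximates the Rails originals (strong parameters' permit, ActiveRecord's bind parameters / sanitize_sql_array, and Action View's html_escape and sanitize). The sample inputs are constructed.

```ruby
require "set"

# Added illustration, not code from Rails, ActiveRecord or CanCanCan: three
# small stand-in functions model what "sanitize" means in each place the
# question mentions. Names and behaviour are approximations, not the originals.

# 1. Strong parameters. `params.require(:article).permit(:name)` is an
#    allowlist on keys: anything not listed is dropped before the hash reaches
#    Model.new / update, so a client cannot mass-assign e.g. admin: true.
PERMITTED_SCALARS = [String, Symbol, Numeric, TrueClass, FalseClass, NilClass].freeze

def permit_params(params, required, permitted)
  scoped = params[required.to_s] || params[required.to_sym]
  if scoped.nil? || scoped.empty?
    raise ArgumentError, "param is missing or the value is empty: #{required}"
  end
  allowed = permitted.map(&:to_s)
  scoped.each_with_object({}) do |(key, value), out|
    # permit(:name) only accepts scalar values; nested hashes/arrays are dropped.
    next unless allowed.include?(key.to_s)
    next unless PERMITTED_SCALARS.any? { |klass| value.is_a?(klass) }
    out[key.to_s] = value
  end
end

# 2. SQL. Sanitizing a value means quoting it so that it can only ever be data,
#    never part of the statement. ActiveRecord does this with bind parameters;
#    this toy handles integers, NULL and single-quoted strings (no backslashes).
def quote_sql(value)
  case value
  when Integer then value.to_s
  when nil     then "NULL"
  else "'" + value.to_s.gsub("'", "''") + "'"
  end
end

def bind_sql(template, *values)
  i = -1
  template.gsub("?") { quote_sql(values[i += 1]) }   # replacements are not rescanned
end

# 3. HTML. sanitize keeps an allowlist of tags/attributes and drops the rest
#    (the tag, not its text); html_escape neutralises every tag; html_safe just
#    switches escaping off. Regex-based toy: a real sanitizer parses the HTML.
ALLOWED_TAGS  = Set.new(%w[p b i em strong a]).freeze
ALLOWED_ATTRS = { "a" => %w[href] }.freeze
SAFE_HREF     = %r{\A(https?:|mailto:|/|#)}i
HTML_ESCAPES  = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;", '"' => "&quot;", "'" => "&#39;" }.freeze
TAG_RE        = %r{<(/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>}
ATTR_RE       = /([a-zA-Z][a-zA-Z0-9-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/

def html_escape(text)
  text.gsub(/[&<>"']/, HTML_ESCAPES)
end

def sanitize_html(html)
  html.gsub(TAG_RE) do
    closing, name, attrs = $1, $2.downcase, $3
    next "" unless ALLOWED_TAGS.include?(name)   # <script>, <img onerror=...> are gone
    next "</#{name}>" if closing == "/"
    kept = attrs.scan(ATTR_RE).map do |attr, dq, sq, bare|
      key, value = attr.downcase, (dq || sq || bare)
      next unless (ALLOWED_ATTRS[name] || []).include?(key)   # onclick etc. dropped
      next if key == "href" && value !~ SAFE_HREF            # javascript:/data: dropped
      %(#{key}="#{html_escape(value)}")
    end.compact
    kept.empty? ? "<#{name}>" : "<#{name} #{kept.join(' ')}>"
  end
end

if __FILE__ == $PROGRAM_NAME
  puts permit_params({ "article" => { "name" => "Hi", "admin" => true } }, :article, [:name]).inspect
  puts bind_sql("SELECT * FROM users WHERE name = ? AND id = ?", "' OR 1=1 --", 5)
  puts sanitize_html('<b onclick="x()">hi</b><script>alert(1)</script><a href="javascript:alert(1)">x</a>')
  puts html_escape("<b>bold</b>")
end
```

The common thread is the answer to "does it just mean to allow something?": in all three places, sanitizing means deciding what is allowed (keys, quoted values, tags and attributes) and turning everything else into inert data before it reaches the model, the database or the browser. html_safe is the one thing on this page that does not do that: it only tells the view to skip escaping, which is why the docs say never to call it on user input.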