WhiteListModel

We all know and love white_list_helper for its code and ease of use, but it has one drawback: it’s a helper. It sanitizes text input by the user (and does it great!) at the moment of viewing it, and it requires careful usage in every single view where a given piece of data can appear.

I don’t like this approach. It’d be great to have white_list_helper functionality (filtering) applied to data at the moment of saving to the database, not at the moment of viewing it. And there’s the issue of time/CPU cost: usually in webapps data is read more often than it’s written, so processing it per-view is ineffective.

So I decided to take the white_list_helper code and make a (+1 for creativity when making up the name) white_list_model which – surprise – sanitizes given fields before the model gets saved into the database. It’s dead easy to use: just type the white_list macro in your model definition and your text fields are automagically sanitized before save.

class News < ActiveRecord::Base
  white_list
end

Of course you can tell the plugin to sanitize only some of the fields.

class News < ActiveRecord::Base
  white_list :only => [ :description ]
end
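
The sanitize-on-save pattern behind the macro, as an added sketch that is not the plugin's code: `ToyModel`, `STORE` and `allowlist_sanitize` are hypothetical stand-ins for ActiveRecord::Base, the database table and the white_list_helper filter, and the tag allowlist is an assumption.

```ruby
require 'cgi'

# Stand-in filter (assumption): a tiny tag allowlist, not white_list_helper's code.
ALLOWED_TAGS = %w[b i em strong p br].freeze

def allowlist_sanitize(text)
  text.gsub(/<[^<>]*>|[<>]/) do |tok|
    m = tok.match(%r{\A<(/?)([a-zA-Z0-9]+)[^<>]*>\z})
    if m && ALLOWED_TAGS.include?(m[2].downcase)
      "<#{m[1]}#{m[2].downcase}>"   # allowed tag, re-emitted without attributes
    else
      CGI.escapeHTML(tok)           # anything else is stored as inert text
    end
  end
end

# Hypothetical in-memory base class standing in for ActiveRecord::Base.
class ToyModel
  STORE = []                        # constructed "table"
  attr_reader :attributes

  # Class macro: no arguments means every String field, :only narrows it.
  def self.white_list(only: nil)
    @white_list_fields = only || :all
  end

  def self.white_list_fields
    @white_list_fields
  end

  def initialize(attrs)
    @attributes = attrs
  end

  # Filter the selected String fields, then persist.
  def save
    fields = self.class.white_list_fields
    @attributes.each do |name, value|
      next unless fields && value.is_a?(String)
      next unless fields == :all || fields.include?(name)
      @attributes[name] = allowlist_sanitize(value)
    end
    STORE << @attributes.dup
    true
  end
end

class News < ToyModel
  white_list :only => [ :description ]
end
```

Because the filter runs on every save, it has to be idempotent: saving an already-sanitized record a second time must not escape it again.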

Other examples and full documentation (together with the code) can be found on the white_list_model GitHub page. Feel free :)