I am writing a very simple CRUD application that takes user stories and stores them in a database, so another coder colleague can organize them for a project that we are both working on. However, I had a problem with sanitizing user input before saving it to the database. I cannot call the sanitize() function from the Story model to delete all HTML/scripting. This requires me to do the following:
    def sanitize_inputs
      self.name  = ActionController::Base.helpers.sanitize(self.name)  unless self.name.nil?
      self.story = ActionController::Base.helpers.sanitize(self.story) unless self.story.nil?
    end
I want to confirm that user input has been cleaned, and I'm not sure of two things:

1) When should user input validation be performed? Before the data is saved, it's pretty obvious, I'm thinking; however, should I process this stuff in the Controller before checking, or in some other non-obvious area, before I check that user input does not have scripting/HTML tags?

2) When writing a unit test for this model, how could I verify that the script/HTML has been deleted, other than comparing the output of sanitize(example) against "This is an example of malicious code"?
Thanks in advance.
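An added example, not from the original post, covering both questions: the cleanup hooked into the model so it runs on every write path before validation, and a test that checks the outcome (script element and its body gone, ordinary text kept) instead of comparing against one hard-coded string. It assumes a plain Ruby `Story` class and a `SANITIZER` lambda standing in for `ActionController::Base.helpers.sanitize` so it runs without Rails.

```ruby
require "minitest/autorun"

# Stand-in for ActionController::Base.helpers.sanitize so this runs without
# Rails: drops script/style elements *with their bodies*, then strips every
# other tag except simple formatting (Rails' sanitize also keeps a safe list).
# Test fixture only; the app should keep calling the real Rails helper.
SANITIZER = lambda do |html|
  html.gsub(%r{<(script|style)\b[^>]*>.*?</\1\s*>}mi, "")
      .gsub(%r{</?(?!b\b|i\b|em\b|strong\b)[a-z][^>]*>}i, "")
end

class Story
  attr_accessor :name, :story

  def initialize(name: nil, story: nil)
    @name, @story = name, story
  end

  # In ActiveRecord this is `before_validation :sanitize_inputs`: cleanup lives
  # in the model, so every write path (controller, console, importer) goes
  # through it, and it runs before validations that inspect the text.
  def save
    sanitize_inputs
    !name.to_s.strip.empty?          # stands in for `valid?` plus the DB write
  end

  private

  def sanitize_inputs
    self.name  = SANITIZER.call(name)  unless name.nil?
    self.story = SANITIZER.call(story) unless story.nil?
  end
end

class StoryTest < Minitest::Test
  # Constructed input: a script element embedded in ordinary text.
  PAYLOAD = "Login <script>alert(1)</script> page <b>flow</b>"

  def test_scripting_is_removed_before_save
    s = Story.new(name: PAYLOAD, story: PAYLOAD)
    assert s.save
    [s.name, s.story].each do |field|
      refute_match(/<script/i, field)     # the element itself is gone
      refute_includes field, "alert(1)"   # and so is its body, not just the tags
      assert_includes field, "Login"      # legitimate text survives
    end
  end
end
```

Asserting on properties of the saved fields (no script element, no script body, text preserved, nil tolerated) keeps the test meaningful even if the sanitizer's exact output format changes between Rails versions.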