sanitize snippets

Fixing "undefined method white_list_sanitizer' for String:Class" and "undefined method full_sanitizer' for String:Class"

Tagged rails2.2, fix, ruby, sanitize  Languages ruby

If you get one of these errors, it's highly likely that you've upgraded to Rails 2.2 or higher:

undefined method white_list_sanitizer' for String:Class
undefined method full_sanitizer' for String:Class

The fix is to extend the SanitizeHelper.

class String
  extend ActionView::Helpers::SanitizeHelper::ClassMethods

Escape and sanitize input and output?

Tagged escape, input, output, sanitize  Languages 

Thinking about escaping and sanitizing input and output? Read this:


  • Always sanitize output

By sanitizing the output, you can fix issues caused by bugs in the input sanitizer without touching the database.

  • Sanitize input, if it makes sense:

For example, if there’s a risk that input becomes invalid after sanitization then it’s better to store the data raw.

This is also a good idea, if there are multiple output formats and sanitizing the input might break something.