sanitize

How can I use Ruby's Sanitize/Nokogiri to access untagged elements?

拥有回忆 submitted on 2019-12-24 07:58:16
Question: I'm trying to build a Sanitize transformer that accepts potentially malformed HTML input with elements outside of any tags at all, such as in this example: out of a tag<p>in a tag</p>out again! I want to have the transformer wrap any non-tagged elements in <p> tags so that the above transforms into: <p>out of a tag</p><p>in a tag</p><p>out again!</p> Unfortunately, I can't figure out how to select the untagged element because it's not a node. I'm sure I'm missing something here. Can someone

How to use RubyGem Sanitize transformers to sanitize an unordered list into a comma separated list?

痞子三分冷 submitted on 2019-12-23 04:23:03
Question: Can anyone familiar with the RubyGem Sanitize provide an example of building a "Transformer" to convert "<ul><li>a</li><li>b</li><li>c</li></ul>" into "a,b, and c"? Answer 1: IMO transformers are not for pulling out data like this: Transformers allow you to filter and modify nodes using your own custom logic [...] This is not what you're trying to do; you're trying to pull data out of nodes, and transform it. In your example, you're not doing the same thing to each element: you're sometimes

Best Practices for Sanitizing SQL inputs Using JavaScript?

≡放荡痞女 submitted on 2019-12-22 12:43:28
Question: So, with HTML5 giving us local SQL databases on the client side, if you want to write a select or insert, you no longer have the ability to sanitize third party input by saying $buddski = mysql_real_escape_string($tuddski) because the PHP parser and MySQL bridge are far away. It's a whole new world of SQLite where you compose your queries and parse your results with JavaScript. But while you may not have your whole site's database go down, the user who gets his/her database corrupted or wiped

For SafeHtml, Do we need to sanitize the “link” in <img src=link> tag, GWT?

蓝咒 submitted on 2019-12-22 09:38:48
Question: I got a textbox that allows users to put an image link (ex: http://abc.test.gif) & another textbox that allows users to put alternate text (ex: "This is test.gif"), & a submit button. When a user clicks on the submit button, the program will generate <img src="http://abc.test.gif" alt="This is test.gif"> as a string & store it into the DB for later use. My question is: do I need to sanitize the image link "http://abc.test.gif" & the text in the alt tag "This is test.gif"? For example, do I need to use UriUtils

Sanitize SQL in custom conditions

拜拜、爱过 submitted on 2019-12-21 21:42:35
Question: I need to create a simple search but I can't afford to use Sphinx. Here's what I wrote: keywords = input.split(/\s+/) queries = [] keywords.each do |keyword| queries << sanitize_sql_for_conditions( "(classifications.species LIKE '%#{keyword}%' OR classifications.family LIKE '%#{keyword}%' OR classifications.trivial_names LIKE '%#{keyword}%' OR place LIKE '%#{keyword}%')") end options[:conditions] = queries.join(' AND ') Now, sanitize_sql_for_conditions does NOT work! It simply returns

Is <span style=…> safe for sanitize?

对着背影说爱祢 submitted on 2019-12-21 05:04:29
Question: I am using a rich text editor (CKEditor) and I have the opportunity to let users create profiles that are displayed to other users. Many of the attributes CKEditor can control are being lost when I display them as: <%= sanitize(profile.body) %> My question is: is it safe to allow the attribute 'style' to be parsed? This would allow things like text color, size, background color, centering, indenting, etc. to be displayed. I just want to be sure it won't allow a hacker access to something I

How good is the Rails sanitize() method?

北城余情 submitted on 2019-12-18 11:51:28
Question: Can I use ActionView::Helpers::SanitizeHelper#sanitize on user-entered text that I plan on showing to other users? E.g., will it properly handle all cases described on this site? Also, the documentation mentions: Please note that sanitizing user-provided text does not guarantee that the resulting markup is valid (conforming to a document type) or even well-formed. The output may still contain e.g. unescaped '<', '>', '&' characters and confuse browsers. What's the best way to handle this?

Using WordPress, can someone tell me the best way of sanitizing input?

走远了吗. submitted on 2019-12-17 22:42:03
Question: I'm developing an application using WordPress as a CMS. I have a form with a lot of input fields which need to be sanitized before being stored in the database. I want to prevent SQL injection, having JavaScript and PHP code injected, and other harmful code. Currently I'm using my own methods to sanitize data, but I feel that it might be better to use the functions which WP uses. I have looked at Data Validation in WordPress, but I'm unsure on how much of these functions I should use, and in what

Strip style attributes with Nokogiri

被刻印的时光 ゝ submitted on 2019-12-17 22:40:47
Question: I'm scraping an HTML page with Nokogiri and I want to strip out all style attributes. How can I achieve this? (I'm not using Rails so I can't use its sanitize method, and I don't want to use the sanitize gem 'cause I want to blacklist/remove, not whitelist) html = open(url) doc = Nokogiri::HTML(html.read) doc.css('.post').each do |post| puts post.to_s end => <p><span style="font-size: x-large">bla bla <a href="http://torrentfreak.com/netflix-is-killing-bittorrent-in-the-us-110427/">statistica</a>

Sanitize user input in bash for security purposes

扶醉桌前 submitted on 2019-12-17 22:10:03
Question: How do I sanitise user input in a bash script so that I can then pass it as an argument to another shell program? I want to prevent the following: INPUT="filename;rm -rf /" ls $INPUT I was thinking it should be enough to surround the user input in double quotes like so: ls "$INPUT" but what if there is a double quote in $INPUT? Or does bash already deal with this problem? Answer 1: The Short Bash already deals with that. Quoting it is sufficient. ls "$INPUT" The Long A rough guide to how the