Questions tagged [sanitize]

Whitelist-based Ruby HTML and CSS sanitizer.

Sanitize is a whitelist-based HTML and CSS sanitizer. Given a list of acceptable elements, attributes, and CSS properties, Sanitize will remove all unacceptable HTML and/or CSS from a string.

Using a simple configuration syntax, you can tell Sanitize to allow certain HTML elements, certain attributes within those elements, and even certain URL protocols within attributes that contain URLs. You can also whitelist CSS properties, @ rules, and URL protocols you wish to allow in elements or attributes containing CSS. Any HTML or CSS that you don't explicitly allow will be removed.

Sanitize is based on Google's Gumbo HTML5 parser, which parses HTML exactly the same way modern browsers do, and Crass, which parses CSS exactly the same way modern browsers do. As long as your whitelist config only allows safe markup and CSS, even the most malformed or malicious input will be transformed into safe output.

411 questions
0 votes, 2 answers

How to sanitize Mysql queries with XSL template?

I have an XSL associated with an XML file. This XSL aims to create MySQL queries, but in my XML I have some special characters like the apostrophe ' which break my queries. Do you know how I can sanitize my XSL template in order to have safe queries? Example…
henri_1310
0 votes, 2 answers

Having weird trouble using a PHP post function

So, I've got some pretty basic code that I can't get to work quite right. I'm using the ezSQL class (http://justinvincent.com/ezsql), but that's working fine. Everything works fine, except when I try to use a sanitize function (get_post). I'm using…
0 votes, 2 answers

How to sanitize user-submitted mysql queries

I have never asked a question before because I tend to always find what I need either here or in nixcraft. I was hoping for a little guidance regarding an application that will be consumed only by technical people within my organization. They…
Michael Hogue
0 votes, 1 answer

How to remove special characters from params hash?

I have one application with the following code: quantity = 3 unit_types = ['MarineTrac','MotoTrac','MarineTrac'] airtime_plan = 'Monthly Airtime Plan' url =…
JohnMerlino
0 votes, 2 answers

Ruby gem Sanitize not condensing whitespace on one machine

I have the following failing unit test; it "should handle white space" do Sanitize.clean(' ').should == '' end Which fails because the result of Sanitize.clean(' ') is ' ' not ''. The same test on other people's machines works fine, which…
Toby
0 votes, 2 answers

Can you hack this input sanitize function?

I'm still learning PHP and SQL. I'm trying to create a simple content management system for a website's list of events. All of the input form fields are either Text areas or Text boxes (yes, I want them that way), and I want to leave the user the…
Leann
0 votes, 2 answers

Rails sanitize tag and background-image

I want to use HTML & CSS in form.text_area :text <%= sanitize @post.text , tags: %w(table tr td div p span img), attributes: %w(id class style src) %> But the CSS attribute "style" doesn't work with background-image.
Savroff
0 votes, 3 answers

Sanitize MySQL data in Ruby on Rails 2

I am reading data from a user-supplied CSV file with an unknown number of rows. I iterate through the rows and, rather than individually insert each row into the database (potentially a performance-hurting large number of inserts), I…
Dawn Green
0 votes, 1 answer

How to sanitize data in sqlite3 column

I have a sqlite3 table with a column by the name Title, which stores the names of some movies. Table name - table1 Column name - Title Example data: "Casablanca" (1983) {The Cashier and the Belly Dancer (#1.4)} I have another sqlite3 table…
kallakafar
0 votes, 4 answers

Sanitizing global arrays in PHP

I'm trying to find the best way to sanitize requests in PHP. From what I've read I learned that GET variables should be sanitized only when they're being displayed, not at the beginning of the "request flow". Post variables (which don't come from…
user1615069
0 votes, 0 answers

HTML input sanitizing: reasonable to replace single quote ' with right single quote ’ for name field in DB?

E.g., D'Arcy becomes D’Arcy. It appears that both Bing and Google process ’ the same way as '. If this is so, is there any functional reason to not sanitize a name field with respect to the single quote by replacing it with the single right quote…
Reid
0 votes, 1 answer

Sanitize helper causing an error in Money gem in Rails 3

Calling "sanitize" method on anything causes a missing method error in Rails 3 with Collective Idea's Money Gem sanitize "trololo" => undefined method `id2name' for {:instance_writer=>false}:Hash collectiveidea-money (1.7.4)…
Niko Efimov
0 votes, 1 answer

How safe is stripping leading '/' and disallowing '../' from user input filepaths?

Is stripping leading '/' and disallowing '../' in any part of a user-supplied file-name still considered 'safe'? Or is there some (utf-8 encoding comes to mind) way around that? I'm not asking if the filename can be created on every filesystem. I'd…
0 votes, 1 answer

Comprehensive Security Against User Input - PHP, MySQL

Possible Duplicate: What's the best method for sanitizing user input with PHP? What are the best PHP input sanitizing functions? The ultimate clean/secure function Goal: Properly sanitize all inputs from text boxes before entering into DB, which…
user1560053
0 votes, 1 answer

Preserving line breaks from text area before or after PHP filter sanitize

I'm having trouble understanding how to go about this. I have content in a tag which I want to save in a database. I'm using FILTER_SANITIZE_STRING to escape XSS attacks; however, it's getting rid of the line breaks in my textarea content. I'm wondering…
Lance Ak