Adds TagSanitizer
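--- a/lib/tag_sanitizer.rb
+++ b/lib/tag_sanitizer.rb
@@ -0,0 +1,17 @@
+class TagSanitizer
+
+DISALLOWED_STRINGS = %w(? < > = /)
+
+def sanitize_tag(tag)
+tag = tag.dup
+DISALLOWED_STRINGS.each do |s|
+tag.gsub!(s, '')
+end
+tag
+end
+
+def sanitize_tag_list(tag_list)
+tag_list.map { |tag| sanitize_tag(tag) }
+end
+
+end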
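Review bot: `DISALLOWED_STRINGS` is a five-character denylist with no comment naming the output context it is meant to protect, so a reader cannot tell whether leaving quotes, `&`, backslashes or control characters in a tag is intended. Where the sanitized tags are used is not visible in this commit; if they reach HTML or a URL, escaping at that sink is the dependable control, and a comment above the constant such as `# Strips characters not permitted in tag names; not a substitute for output escaping at the point of use.` would keep callers from over-trusting the result. An allowlist of permitted characters would also fail closed when a new risky character turns up, which a denylist cannot do. Two smaller points: `sanitize_tag(nil)` raises `NoMethodError` at `gsub!`, and the constant is mutable, so `DISALLOWED_STRINGS = %w(? < > = /).freeze` is safer.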
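--- a/spec/lib/tag_sanitizer_spec.rb
+++ b/spec/lib/tag_sanitizer_spec.rb
@@ -0,0 +1,23 @@
+require 'rails_helper'
+
+describe TagSanitizer do
+
+subject { described_class.new }
+
+describe '#sanitize_tag' do
+it 'allows regular text, even spaces' do
+expect(subject.sanitize_tag('hello there')).to eq('hello there')
+end
+
+it 'filters out dangerous strings' do
+expect(subject.sanitize_tag('user_id=1')).to eq('user_id1')
+end
+end
+
+describe '#sanitize_tag_list' do
+it 'returns a new tag list with sanitized tags' do
+expect(subject.sanitize_tag_list(%w{x=1 y?z})).to eq(%w(x1 yz))
+end
+end
+
+end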
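Review bot: The examples only exercise `=` and `?`, so `<`, `>` and `/` could be dropped from `DISALLOWED_STRINGS` without any spec failing. One example that covers the whole list pins the contract, for instance `expect(subject.sanitize_tag('<a href=/x>')).to eq('a hrefx')` in the 'filters out dangerous strings' group. The `tag.dup` in `sanitize_tag` implies the caller's string must not be mutated, and that is untested too; passing a variable and asserting it is unchanged afterwards would cover it.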