ecto_sparkles v0.2.1

EctoSparkles.SanitiseStrings (ecto_sparkles v0.2.1) View Source

Provides functions for sanitising input on Ecto.Changeset string fields.

Link to this section Summary

Functions

clean_html(changeset, opts \\ [])
sanitise_strings(changeset, opts \\ [])
strip_all_tags(changeset, opts \\ [])

Sanitises all changes in the given changeset that apply to field which are of the :string Ecto type.

Link to this section Functions

Link to this function

clean_html(changeset, opts \\ [])

View Source
Link to this function

sanitise_strings(changeset, opts \\ [])

View Source
Link to this function

strip_all_tags(changeset, opts \\ [])

View Source

Sanitises all changes in the given changeset that apply to field which are of the :string Ecto type.

By default it uses the HtmlSanitizeEx.strip_tags/1 function on any change that satisfies all of the following conditions:

  1. The field associated with the change is of the type :string.
  2. The field associated with the change is not in the blacklisted_fields list of opts as defined using the :except key in opts. Note that this function will change the value in the :changes map of an %Ecto.Changeset{} struct if the given changes are sanitized.

Examples 

iex> attrs = %{string_field: "<script>Bad</script>"}
iex> result_changeset =
...>   attrs
...>   |> FakeEctoSchema.changeset()
...>   |> EctoSparkles.SanitiseStrings.strip_all_tags()
iex> result_changeset.changes
%{string_field: "Bad"}

Fields can be exempted from sanitization via the :except option.

iex> attrs = %{string_field: "<script>Bad</script>"}
iex> result_changeset =
...>   attrs
...>   |> FakeEctoSchema.changeset()
...>   |> EctoSparkles.SanitiseStrings.strip_all_tags(except: [:string_field])
iex> result_changeset.changes
%{string_field: "<script>Bad</script>"}

You can also specify a specific scrubber (by passing a function as reference):

ies> attrs

...>   |> FakeEctoSchema.changeset()
...>   |> EctoSparkles.SanitiseStrings.sanitise_strings(scrubber: HtmlSanitizeEx.Scrubber.html5/1)