Does anyone have a suggestion for a good method to sanitize user input before it is used by a controller? I am aware of the sanitize method, but it is part of ActionView and not available to my controllers. This seems like a basic security protocol, but I can't seem to find a good method. Thanks!
In this case I am wanting to sanitize search queries. But I also would like a safety net for all user generated content.
sanitize_params is a method of my own design? I am hoping to find a framework to adapt as I am not aware of every possible thing, and I know there are folks out there who have covered this problem.
Any suggestions?
There's not a general-purpose solution here. Different uses of data require different techniques. For example:
* passing to a query
* sending to a view
* sending an email
* executing a shell command
* using Ruby's eval() method
There is no one way to "sanitize" data for all of these situations. You have to apply the appropriate techniques to the appropriate uses.
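To make the answer's point concrete, here is an added Ruby example (not code from the thread or from Rails itself) that takes one constructed untrusted string and prepares it separately for four of the sinks listed above. Everything uses the Ruby standard library; the SQL helpers only return a statement with `?` placeholders plus its bind values, the shape an adapter expects, rather than executing anything. The column whitelist regex and the `posts` table are assumptions for the illustration.

```ruby
require 'erb'
require 'shellwords'

# Constructed sample input (not from the original thread): the kind of
# string a search box or form field might submit.
UNTRUSTED = %q{50% off <script>alert(1)</script>; rm -rf /; ' OR 1=1 --}

# Sink 1: HTML view. Escape metacharacters so the browser renders text,
# never markup. This is the same routine Rails' `h` helper delegates to.
def for_html(input)
  ERB::Util.html_escape(input)
end

# Sink 2: SQL equality. Never splice the value into the statement text;
# return it as a bind parameter instead. Column names cannot be bound, so
# they are checked against an allow-list pattern (assumed here) before use.
def for_sql_equality(column, input)
  raise ArgumentError, "unexpected column name" unless column.match?(/\A[a-z_]+\z/)
  ["SELECT * FROM posts WHERE #{column} = ?", [input]]
end

# Sink 2b: SQL LIKE (the search-query case). Binding alone does not stop
# `%` and `_` from acting as wildcards, so they are escaped in the bound
# value and an ESCAPE character is declared in the statement.
def for_sql_like(column, term)
  raise ArgumentError, "unexpected column name" unless column.match?(/\A[a-z_]+\z/)
  escaped = term.gsub(/[\\%_]/) { |c| "\\#{c}" }
  ["SELECT * FROM posts WHERE #{column} LIKE ? ESCAPE '\\'", ["%#{escaped}%"]]
end

# Sink 3: shell argument. Quote the value as a single argv word so the
# shell treats spaces, `;` and quotes as literal characters. Prefer the
# multi-argument form of system()/spawn over building a command string.
def for_shell(input)
  Shellwords.escape(input)
end

# Sink 4: email header. Header injection relies on embedded CR/LF, so
# collapse them to spaces before the value lands in a Subject: line.
def for_mail_subject(input)
  input.gsub(/[\r\n]+/, ' ')
end

if __FILE__ == $0
  puts for_html(UNTRUSTED)
  p   for_sql_equality("title", UNTRUSTED)
  p   for_sql_like("title", UNTRUSTED)
  puts for_shell(UNTRUSTED)
  puts for_mail_subject("Hello\r\nBcc: someone@example.test")
end
```

Note that the same input is transformed four different ways and none of the results is reusable for another sink: the HTML-escaped string would still break a shell command, and the shell-escaped string would still inject into a LIKE pattern. That is the practical meaning of "there is no one way to sanitize".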