We can easily sanitize input field data in Rails before saving it, rather than when displaying it. In that case we don't need to call the `h` (HTML-escape) helper in every view; we can do the sanitizing in each model by using a plugin.
xss-terminate is a plugin that makes stripping and sanitizing HTML stupid-simple. The plugin can be found at http://github.com/look/xss_terminate . Currently it can't be installed directly, so we have to download it and unpack its contents into a folder named "xss_terminate" under the vendor/plugins folder.
Suppose we want to sanitize any script before saving a user name in the User model; we just have to write the following code:
    class User < ActiveRecord::Base
      xss_terminate :sanitize => [:user_name]
      # ...
    end
We can also exclude a field from sanitizing with the ":except" option, as follows:
xss_terminate :except => [:address]
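To show what such a model-level declaration does in practice, here is an added plain-Ruby sketch (not the plugin's own code and not tied to Rails) of the same three rules: fields listed under :sanitize keep an allowlist of tags, fields under :except are left alone, and everything else has all tags stripped before the record is saved. The module name XssTerminateLike, the hook terminate_xss!, the SAFE_TAGS list and the regex-based sanitizer are all assumptions made for this illustration; the real plugin parses HTML properly.

```ruby
# Plain-Ruby sketch of the model-level idea behind xss_terminate (no Rails, no
# plugin): declare per attribute whether HTML is stripped, sanitized against a
# tag allowlist, or left alone, and apply that rule before the record is saved.
module XssTerminateLike
  SAFE_TAGS = %w[b i em strong p br].freeze # kept on :sanitize fields, attributes dropped
  module ClassMethods
    attr_reader :xss_options
    # Same shape as the plugin's declaration:
    #   xss_terminate :sanitize => [:user_name], :except => [:address]
    def xss_terminate(opts = {})
      @xss_options = { sanitize: [], except: [] }.merge(opts)
    end
  end

  # Default rule: remove every tag, keep the text between them.
  def strip_tags(text)
    text.gsub(%r{</?[a-zA-Z][^>]*>}, '')
  end

  # :sanitize rule: keep allowlisted tags without attributes, drop the rest.
  # (Toy regex sanitizer for illustration; the plugin uses a real HTML parser.)
  def sanitize_html(text)
    text.gsub(%r{</?([a-zA-Z0-9]+)[^>]*>}) do |tag|
      name = Regexp.last_match(1).downcase
      next '' unless SAFE_TAGS.include?(name)
      tag.start_with?('</') ? "</#{name}>" : "<#{name}>"
    end
  end

  # The before_save hook: apply the configured rule to each string attribute.
  def terminate_xss!
    opts = self.class.xss_options
    attributes.keys.each do |name|
      value = attributes[name]
      next unless value.is_a?(String) && !opts[:except].include?(name)
      attributes[name] = opts[:sanitize].include?(name) ? sanitize_html(value) : strip_tags(value)
    end
    self
  end
end

# Stand-in for the ActiveRecord model; attributes is a plain Hash here (constructed input).
class User
  include XssTerminateLike
  extend XssTerminateLike::ClassMethods
  attr_reader :attributes
  xss_terminate sanitize: [:user_name], except: [:address]
  def initialize(attrs)
    @attributes = attrs
  end
end
```

Calling `User.new(...).terminate_xss!` on a record whose user_name carries an inline event handler and a script element leaves `<b>Bob</b>` plus the script's text, while a plain bio field loses its tags entirely and the address is untouched.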