No commit activity in last 3 years
No release in over 3 years
SafeAnchor follows a secure-by-default principle and sanitizes all link_to helper output by default. This gem wraps around the default link_to and sanitize method provided by Rails.

SafeAnchor

This is experimental, try at your own risk.

SafeAnchor wraps around Rails's default link_to helper and sanitize method so that link_to always outputs a sanitized anchor tag.

This follows a secure-by-default principle; sanitization can be turned off by passing the optional argument keep_dirty: true to the link_to helper.

Installation

Add this line to your application's Gemfile:

gem 'safe_anchor'

And then execute:

$ bundle install

Or install it yourself as:

$ gem install safe_anchor

Usage

SafeAnchor is secure-by-default.

<%= link_to "Dangerous Anchor", "javascript: alert('Boo!')" %>
# <a>Dangerous Anchor</a>

Turning off sanitization.

<%= link_to "Dangerous Anchor", "javascript: alert('Boo!')", keep_dirty: true %>
# <a keep_dirty="true" href="javascript: alert('Boo!')">Dangerous Anchor</a>
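As an added illustration, not the gem's own code, here is a stand-alone Ruby sketch of the href check a wrapper like this has to make before it emits the anchor: the href is normalised the way browsers normalise URLs (leading/trailing controls stripped, tab and newline removed anywhere), its scheme is compared against an allowlist, and an unsafe href is dropped while the tag and escaped text are kept, which matches the output shown above. The scheme allowlist and the helper names are assumptions.

```ruby
require 'cgi'

# Hypothetical stand-in for the gem's wrapper; not the real SafeAnchor code.
module SafeAnchorDemo
  # Assumed allowlist; Rails' sanitizer has its own list of allowed protocols.
  SAFE_SCHEMES = %w[http https mailto tel].freeze

  # Returns true when the href is safe to emit as-is.
  def self.safe_href?(href)
    return false if href.nil?
    # Browsers strip leading/trailing C0 controls and space and drop
    # tab/newline anywhere, so "java\tscript:" is still javascript:.
    cleaned = href.to_s
                  .gsub(/\A[\u0000-\u0020]+|[\u0000-\u0020]+\z/, '')
                  .delete("\t\n\r")
    scheme = cleaned[/\A([a-z][a-z0-9+.\-]*):/i, 1]
    return true if scheme.nil? # relative URL or fragment: no scheme at all
    SAFE_SCHEMES.include?(scheme.downcase)
  end

  # Mirrors the README behaviour: unsafe href is removed, the <a> stays,
  # keep_dirty: true bypasses the check entirely.
  def self.link_to(text, href, keep_dirty: false)
    body = CGI.escapeHTML(text.to_s)
    if keep_dirty || safe_href?(href)
      %(<a href="#{CGI.escapeHTML(href.to_s)}">#{body}</a>)
    else
      "<a>#{body}</a>"
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  puts SafeAnchorDemo.link_to("Dangerous Anchor", "javascript: alert('Boo!')")
  puts SafeAnchorDemo.link_to("Safe Anchor", "https://example.com/")
end
```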

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/woodydark/safe_anchor.

License

The gem is available as open source under the terms of the MIT License.