Module: ActiveAdmin::Sanitizer
Overview
Prevents CSV Injection according to owasp.org/www-community/attacks/CSV_Injection
Constant Summary collapse
- ATTACK_CHARACTERS =
["=", "+", "-", "@", "\t", "\r"].freeze
Instance Method Summary collapse
Instance Method Details
#require_sanitization?(value) ⇒ Boolean
140 141 142 |
# File 'lib/active_admin/csv_builder.rb', line 140 def require_sanitization?(value) value.is_a?(String) && value.starts_with?(*ATTACK_CHARACTERS) end |
#sanitize(value) ⇒ Object
134 135 136 137 138 |
# File 'lib/active_admin/csv_builder.rb', line 134 def sanitize(value) return "'#{value}" if require_sanitization?(value) value end |