MishkaGervaz.Table.Web.Events.SanitizationHandler behaviour (MishkaGervaz v0.0.1-alpha.2)


Handles input sanitization for the Events module.

This module provides sanitization functions that clean user-supplied event parameters before they reach queries or templates, to prevent XSS and other injection attacks. The defaults strip HTML tags from string values (non-string values pass through unchanged), resolve sort column names only to atoms that already exist, and coerce page numbers to integers.

Customization

You can create a custom SanitizationHandler by `use`-ing this module and overriding the callbacks you need:

defmodule MyApp.CustomSanitizationHandler do
  use MishkaGervaz.Table.Web.Events.SanitizationHandler

  # Custom sanitization that allows a basic set of safe HTML tags
  def sanitize(value) when is_binary(value) do
    HtmlSanitizeEx.basic_html(value)
  end

  # Overriding sanitize/1 replaces the default clauses, and the callback
  # accepts any() value, so keep a pass-through clause for non-strings
  def sanitize(value), do: value
end

Then configure it in your resource's DSL:

mishka_gervaz do
  table do
    events do
      sanitization MyApp.CustomSanitizationHandler
    end
  end
end

See MishkaGervaz.Table.Web.Events and the sibling handlers RecordHandler, SelectionHandler, BulkActionHandler, HookRunner, RelationFilterHandler.

Summary

Callbacks

Sanitizes a value to prevent XSS and injection attacks.

Sanitizes a column name for sorting.

Sanitizes a page number from params.

Callbacks

sanitize(value)

@callback sanitize(value :: any()) :: any()

Sanitizes a value to prevent XSS and injection attacks. The default implementation strips HTML tags from strings and keeps the remaining text, as the first example shows; values that are not strings are returned unchanged. Stripping removes markup, not meaning, so the returned string must still be escaped by the template that renders it.

Examples

iex> sanitize("<script>alert('xss')</script>test")
"alert('xss')test"

iex> sanitize(123)
123

sanitize_column(column)

(optional)
@callback sanitize_column(column :: String.t()) :: atom()

Sanitizes a column name for sorting.

Returns the sanitized value as an existing atom, or raises ArgumentError if the atom doesn't exist. Column names come from untrusted params, and atoms are never garbage collected, so converting arbitrary strings with String.to_atom/1 would let a client exhaust the atom table; only names that already exist as atoms are resolved. A custom implementation that prefers not to raise should map unknown names to a safe default column instead.

sanitize_page(page)

(optional)
@callback sanitize_page(page :: String.t() | integer()) :: integer()

Sanitizes a page number from params. Page numbers arrive as strings when they come from URL or form params, so the callback must accept both strings and integers.

Returns an integer page number suitable for pagination.
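The following is an added example that is not part of MishkaGervaz: a complete custom handler implementing all three callbacks described above (sanitize/1, sanitize_column/1 and sanitize_page/1), wired up the same way as the handler in the Customization section. It assumes that `use MishkaGervaz.Table.Web.Events.SanitizationHandler` makes the callbacks overridable, that the html_sanitize_ex dependency is available, and that the column names, default column and page limit below are placeholders for values from your own resource.

```elixir
# Added example, not MishkaGervaz code. Assumes `use` makes the callbacks
# overridable and that html_sanitize_ex is a dependency of the app.
defmodule MyApp.StrictSanitizationHandler do
  use MishkaGervaz.Table.Web.Events.SanitizationHandler

  # Allowlist of sortable columns (assumption: fields of your own resource).
  # Because the list is a compile-time literal, these atoms already exist
  # and no string coming from a client can ever create a new one.
  @sortable_columns ~w(id name inserted_at)a
  @default_column :id

  # Upper bound for page numbers (assumption: pick one that fits your data).
  @max_page 10_000

  # Strings: drop every tag, then trim surrounding whitespace.
  # Overriding sanitize/1 replaces all default clauses, so a catch-all
  # clause is needed to keep the documented `sanitize(123) == 123` behaviour.
  def sanitize(value) when is_binary(value) do
    value |> HtmlSanitizeEx.strip_tags() |> String.trim()
  end

  def sanitize(value), do: value

  # Never String.to_atom/1 a column name from params: every distinct string
  # would allocate a new atom, and the atom table is never garbage
  # collected, so an attacker could exhaust it. Instead, look the string up
  # in the allowlist and fall back to a safe default rather than raising.
  def sanitize_column(column) when is_binary(column) do
    Enum.find(@sortable_columns, @default_column, &(Atom.to_string(&1) == column))
  end

  def sanitize_column(_), do: @default_column

  # Accept integers or integer strings, reject anything else, and clamp
  # into [1, @max_page] so "page=0", "page=-5", "page=999999999" or
  # "page=abc" can never produce a negative or absurdly large offset.
  def sanitize_page(page) when is_integer(page), do: clamp(page)

  def sanitize_page(page) when is_binary(page) do
    case Integer.parse(String.trim(page)) do
      {n, ""} -> clamp(n)
      _ -> 1
    end
  end

  def sanitize_page(_), do: 1

  defp clamp(n), do: n |> max(1) |> min(@max_page)
end
```

With this module, `sanitize("<script>alert('xss')</script>test")` returns `"alert('xss')test"`, `sanitize_column("name")` returns `:name`, `sanitize_column("name; DROP TABLE users")` returns `:id`, `sanitize_page("-5")` returns `1` and `sanitize_page("12")` returns `12`. Configure it with `sanitization MyApp.StrictSanitizationHandler` inside the `events` block exactly as shown in the Customization section. The allowlist approach is deliberately stricter than the default `to_existing_atom` behaviour: an atom existing somewhere in the VM (for example `:__struct__`) is not the same as being a column the user is allowed to sort by.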