Vincent is Coding
April 21st, 2024

Sanitising content before render

Ruby on Rails

I wanted a simple way to sanitise some of the content before it was rendered in Ruby on Rails, when viewing a post with an image in Scribbles.

The problem was that any type of attachment in Rails always brings through the following markup on the front-end:

<action-text-attachment sgid="123" some_other_data></action-text-attachment>

The problem with that is that it exposes the original file that I'm storing, potentially exposing location data if it's an image with GPS metadata.

Right now I have found no good way to strip just the GPS metadata from an attachment without also destroying the colour space, or having more immediate problems with invalidating the hash of the originally uploaded file. Sigh.

So my solution is super simple.

Because I already create variants for each image, I don't need the original data to be exposed to the frontend when rendering the page.

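So, before rendering, I simply use .gsub to remove the original data and just keep everything else. Here is the code:

def sanitised_content
  # Drop each <action-text-attachment ...> wrapper (and the attributes that
  # point at the original upload) but keep the rendered markup inside it.
  # /m lets .*? span line breaks. gsub returns a plain String, so the result
  # is marked html_safe again; that relies on content.to_s already being
  # sanitised HTML, because html_safe skips ERB escaping.
  content.to_s.gsub(/<action-text-attachment (.*?)>(.*?)<\/action-text-attachment>/m, '\2').html_safe
end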

So, whilst I do a bit more trickery on Scribbles, all I have to do is, in my front-end erb template:

<%= @post.sanitised_content %>

And that does the trick nicely. Job done.
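
To see what the substitution keeps and drops, here is an added example in plain Ruby (not code from Scribbles) that runs the same pattern over constructed markup and checks the output for leftovers. The helper names, sample sgid values and URLs are assumptions made up for the illustration.

```ruby
# Added example: plain Ruby, no Rails. All markup below is constructed sample data.

# The pattern from the post's sanitised_content method.
WRAPPER = /<action-text-attachment (.*?)>(.*?)<\/action-text-attachment>/m

# Keep only the inner markup (the variant <figure>), drop the wrapper and its attributes.
def strip_attachment_wrappers(html)
  html.gsub(WRAPPER, '\2')
end

# Regression check (hypothetical helper): anything returned here means the page
# would still carry a wrapper tag or an sgid that points at the original upload.
def leftover_attachment_data(html)
  html.scan(/<\/?action-text-attachment\b[^>]*>/) + html.scan(/\bsgid="[^"]*"/)
end

# Two attachments, one spread over several lines (hence the /m flag).
SAMPLE = <<~HTML
  <p>Holiday photos</p>
  <action-text-attachment sgid="constructed-sgid-1" content-type="image/jpeg" url="/blobs/original-1.jpg">
    <figure><img src="/variants/beach-800.jpg"></figure>
  </action-text-attachment>
  <p>One more</p>
  <action-text-attachment sgid="constructed-sgid-2" url="/blobs/original-2.jpg"><figure><img src="/variants/hill-800.jpg"></figure></action-text-attachment>
HTML

# Constructed edge case: a raw ">" inside an attribute value ends the lazy
# attribute match early, so the remaining attributes land in the kept group.
EDGE = '<action-text-attachment caption="a > b" sgid="constructed-sgid-3" ' \
       'url="/blobs/original-3.jpg"><img src="/variants/x.jpg"></action-text-attachment>'

if __FILE__ == $PROGRAM_NAME
  clean = strip_attachment_wrappers(SAMPLE)
  puts clean
  puts "leftovers in SAMPLE output: #{leftover_attachment_data(clean).inspect}"
  puts "leftovers in EDGE output:   #{leftover_attachment_data(strip_attachment_wrappers(EDGE)).inspect}"
end
```

A check like leftover_attachment_data fits well in a view or system test, so a change in the rendered markup that the pattern no longer matches shows up as a failing test rather than as a leaked attribute.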