Notebook

April 15, 2008 11:56PM

Cleaning Up User Submitted Data

A little while back, I complained about WordPress' handling of URLs without "http://". While it turns out WP actually handles these correctly, it brings up the question of how to handle data a user submits. It's always important to format or sanitize incoming data, and for items like URLs, which have a well-defined format, it's really easy to do. Here's how to do it in Rails.

One of the great things about Ruby is the way it treats just about anything as a method, so if I call link.url = "http://website.com", it's actually calling the method Link#url= with the parameter of "http://website.com". So, to intercept incoming data, I just override the default url= method in my Link model:

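class Link < ActiveRecord::Base
  # Intercept assignment so the URL always carries a scheme,
  # even before the record has been saved.
  def url=(new_url)
    # Leave http:// and https:// URLs alone; prefix everything else.
    unless new_url =~ %r{\Ahttps?://}i
      new_url = 'http://' + new_url
    end

    # Hand the normalized value to the default attribute writer.
    super(new_url)
  end
end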

So, now, when I set the url, it's automatically formatted correctly. Some may advocate putting something like this in a before_save callback, but personally, I like to make sure the data is always correct, even when it hasn't yet been saved.
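The setter approach above, carried a step further as an added example (not code from the original post): besides adding a missing scheme, it parses the result and stores nil unless the value is an http(s) URL with a host and no embedded credentials. PlainLink, normalize_url and ALLOWED_SCHEMES are hypothetical names, and a plain Ruby class stands in for the ActiveRecord model so the block runs without Rails.

```ruby
require 'uri'

# Plain Ruby stand-in for the Link model (assumption: no Rails here, so the
# setter stores into an instance variable instead of calling super).
class PlainLink
  ALLOWED_SCHEMES = %w[http https].freeze

  attr_reader :url

  # Normalize on assignment, so the value is clean even before any save.
  def url=(new_url)
    @url = self.class.normalize_url(new_url)
  end

  # Returns a normalized http(s) URL string, or nil when the input cannot
  # be turned into one.
  def self.normalize_url(raw)
    candidate = raw.to_s.strip
    return nil if candidate.empty?

    # Add the default scheme only when no "scheme://" prefix is present.
    candidate = "http://#{candidate}" unless candidate =~ %r{\A[a-z][a-z0-9+.\-]*://}i

    uri = URI.parse(candidate)
    # Allowlist the scheme instead of trying to blocklist bad ones.
    return nil unless ALLOWED_SCHEMES.include?(uri.scheme.to_s.downcase)
    return nil if uri.host.nil? || uri.host.empty?
    # Credentials in a link obscure the real destination; refuse them.
    return nil if uri.userinfo

    uri.to_s
  rescue URI::Error
    nil
  end
end
```

In a Rails model the same normalize_url result would be passed to super, with a presence validation on url catching the rejected (nil) values.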
