https://semver.org/

It appears from the changelog that this project may be loosely following semver. However, it seems that perhaps some releases would have rather been patch levels (the most recent 2), and others major version bumps (dropping support for a Ruby version).

When using tools like Depfu it is of unestimable value when the library in question follows SemVer.

I'm new to Ruby and RoR, so I'm sorry if this issue is not related to the gem.

In my model I have these lines.

auto_strip_attributes :price
validates :price, numericality: {greater_than_or_equal_to: 0}

I tested with negative number and get 'Price must be greater than or equal to 0', which was expected.

The problem is when I test with alphabets, if I remove the auto_strip_attributes line I will get 'Price is not a number'. But with the auto_strip_attributes line, the price field passes validation with the value of 0.

It would be nice if this gem could strip and titleize.

The first time I call Product.all in Rails console I got an error about auto_strip_attributes is undefined. Subsequent calls are successful.

Loading development environment (Rails 6.1.4.1)
2.6.6 :001 > Product.all
Traceback (most recent call last):
        3: from (irb):1
        2: from app/models/product.rb:1:in `<main>'
        1: from app/models/product.rb:8:in `<class:Product>'
NoMethodError (undefined method `auto_strip_attributes' for Product (call 'Product.connection' to establish a connection):Class)
2.6.6 :002 > Product.all
  Product Load (3.3ms)
  ...

Here is Product class:

class Product < ApplicationRecord

  auto_strip_attributes :name, :alias, squish: true

Hi,

Great work on your gem. Your docs referenced that it supports ActiveModel, but I didn't see any examples provided on how to do this. Here I have a simple ActiveModel class:

require 'active_model'

class ProductSearch
  include ActiveModel::Validations

  validates_length_of :keyword, :minimum => 1, \
                      :message => "must be at least 1 character."
  attr_accessor :keyword
  auto_strip_attributes :keyword

  def results
    puts "results keyword=#{@keyword}"
    @results ||= Solr.search(@keyword)
  end
end

Here's what I put in my Gemfile:

gem "auto_strip_attributes", "~> 2.0.2"

But when I fire up the Rails console, I get this:

ruby-1.8.7-p352 :003 > p = ProductSearch.new
NoMethodError: undefined method `auto_strip_attributes' for ProductSearch:Class
    from /Users/chip/code/rentwb/app/models/products/product_search.rb:17
    from /Users/chip/code/rentwb/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/dependencies.rb:454:in `load'
    from /Users/chip/code/rentwb/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/dependencies.rb:454:in `load_file'
    from /Users/chip/code/rentwb/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/dependencies.rb:593:in `new_constants_in'
    from /Users/chip/code/rentwb/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/dependencies.rb:453:in `load_file'
    from /Users/chip/code/rentwb/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/dependencies.rb:340:in `require_or_load'
    from /Users/chip/code/rentwb/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/dependencies.rb:487:in `load_missing_constant'
    from /Users/chip/code/rentwb/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/dependencies.rb:183:in `const_missing'
    from /Users/chip/code/rentwb/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/dependencies.rb:181:in `each'
    from /Users/chip/code/rentwb/vendor/bundle/ruby/1.8/gems/activesupport-3.0.10/lib/active_support/dependencies.rb:181:in `const_missing'
    from (irb):3

I've verified that this gem is installed here:

vendor/bundle/ruby/1.8/gems/auto_strip_attributes-1.1/lib/auto_strip_attributes.rb

Would you be able to provide an example of how to get this to work with ActiveModel? If I figure this out, I'll submit a Pull Request with an example. Thanks for your help!

Chip

First, thanks for this gem. It's great!

Maybe I missed it, but I don't see release notes documented anywhere. It would be great to see what changes and fixes went into each release. GitHub makes it very easy to edit the releases section of a repo and make it look nice like this for example:

https://github.com/octokit/octokit.rb/releases

Other approaches include having a markdown file in the root of the repo called "History.md" or "CHANGELOG.md", like this:

https://github.com/jnicklas/capybara/blob/master/History.md

and this:

https://github.com/rails/rails/blob/master/activerecord/CHANGELOG.md

Thanks!

Hi

\u2002 utf8 character doesn't seems to be stripped out.

The [[:space:]] special regex expression does detect it, but the gem doesn't remove it.

To reproduce:

`
class Person < ApplicationRecord
auto_strip_attributes :name
end

person.name = "John\u2002"
person.save
=> true
person.name
=> "John "

Tested with GSUB and [[:space:]]

person.name.gsub(/[[:space:]]/, '')
=> "John"
`

I would like to say "just strip all my non-serialized text fields" in every model (or some base model) and just have it work. Specifying all the individual fields works for small models, but some of the ones I have contain several hundred string or text fields.

when I tried to implement method which removes full space like

myapp/config/initializers/auto_strip_attributes.rb

AutoStripAttributes::Config.setup do
  set_filter strip_full_width_space: false do |value|
    unless value.nil? || !value.is_a?(String)
      value.remove(/\A[\s　]+|[\s　]+\z/)
    end
  end
end

then $ bundle exec rails s or $ bundle exec rails c

myapp/config/initializers/auto_strip_attributes.rb:1:in <top (required)>': undefined method setup' for Config:Module (NoMethodError)

It seems it doesn't support deletion of non breaking space (a character is such a pita): U+00A0

The README has the following as the default behaviour:

# Normal usage where " aaa   bbb\t " changes to "aaa bbb"
 auto_strip_attributes :nick, :comment

I think this should read:

# Normal usage where " aaa   bbb\t " changes to "aaa   bbb"

(ie spaces aren't squished by default)

Would you be open to a pull request to add sanitization - aka running Loofah sanitization to remove XSS code from user submitted input that may be then added to the database?

It's normally thought of as a view concern in Rails, but there are other apps that interact with databases so a defense in depth approach of not letting known-unsafe markup to be persisted is wise in many use cases.

Frank

See details here: rails/rails#23589

And here: activerecord-hackery/ransack#797

Hey

I tried to use and deploy this gem in demo and from what I can tell it looks like the files that came out of the gem were all mode 0600

e.g (local gemset)

ls -alF ./lib 
total 8
drwxr-xr-x   4 jayoung  staff   136 Oct  3 17:07 ./
drwxr-xr-x  11 jayoung  staff   374 Oct  3 17:07 ../
drwxr-xr-x   3 jayoung  staff   102 Oct  3 17:07 auto_strip_attributes/
-rw-------   1 jayoung  staff  2674 Oct  3 17:07 auto_strip_attributes.rb

This broke in deployment because we deploy as a different user than we run passenger as - and passenger couldn't read the file and couldn't load the library.

In local testing, I've reproduced/verified this as an outcome, but I don't positively know this is what happened.

It's a great gem, but I can't use it right now without manually changing permissions on every deployed gemset, or building my own gem copy of it with the right file permissions, can you check your file mode and see if it's 0600 instead of 0644 for your files?

I have similar issue like @skandragon in #4: "strip all non-serialized text and string fields"
I want all of the string columns to be stripped automatically.

This is what I came up with:

# frozen_string_literal: true

module StripAttributes
  extend ActiveSupport::Concern

  included do
    extend AutoStripAttributes

    string_columns = self.columns.filter { |c| c.type == :string }.map(&:name)
    auto_strip_attributes(*string_columns)
  end
end

I'd prefer if this would be a configuration option so that I don't need to include this in every model.

Why? I think it's a good developer experience. Just like how I don't have to do many other things that come by default with rails (I don't have to convert "1" to 1 for integer columns, checkbox => boolean, etc.)
It would be great if this functionality came with rails for those of us who are spoiled by rails. :) ...but it doesn't

If it's a configuration option, it shouldn't bother users who don't want to use this, while it would make my life easier and I'd probably include this gem in every rails project of mine.

One problem I recently had was a user entering \u0001 in a form. I don't feel this was malicious, but it ended up causing problems in generating certain output formats like Excel. Or rather, it caused problems for that poorly written app...

In any case, could this gem also have an option to strip [:control:] characters? I may add this if no one beats me to it.

I've got an Active Record model with some columns, and one fake field set with attr_accessor. I'd like to get this pseudofield stripped as well.

attr_accessor :password
auto_strip_attributes :password