3 个仓库
Filters and validates incoming request parameters to prevent mass-assignment vulnerabilities.
Distinct from Model Serialization Sanitization: Distinct from model serialization or query filters; focuses on preventing mass-assignment of user attributes.
Explore 3 awesome GitHub repositories matching security & cryptography · Request Parameter Sanitization. Refine with filters or upvote what's useful.
Devise is a flexible authentication framework for Ruby on Rails applications. It serves as a user identity management system that handles registration, sign-in, password recovery, and account confirmation. The system integrates with the Warden middleware to manage user sessions and security across various request types. The framework functions as a multi-model authentication engine, allowing for the configuration of multiple distinct user models with independent routes and access controls. It also provides a standardized interface to connect with external identity providers and third-party lo
Uses a configurable permit system to white-list request attributes before they are passed to model update methods.
express-validator is a server-side input validation library designed specifically for Express.js applications. It provides middleware that validates and sanitizes incoming HTTP request data against developer-defined rules, collecting all validation failures into a single array for simultaneous error reporting rather than failing on the first error. The library offers a chainable validation API where rules are built by chaining methods on a validation chain object, enabling declarative specification of multiple validators and sanitizers for a single request field. Each validation chain operate
Provides middleware that sanitizes incoming request field values by applying validator.js sanitization functions.
Pagy 是一个与框架无关的 Ruby 分页库,用于将大型数据集拆分为编号页面。它提供了多种数据拆分实现,包括用于标准集合的基于偏移量的切片,以及用于海量数据集的高性能键集(keyset)分页。 该库包含一个分页 UI 生成器,用于渲染可访问的 HTML 导航栏,以及一个专用的 REST API 分页工具,可生成符合 RFC 标准的链接头和 JSON 元数据。它还具有用于拆分 Elasticsearch、Meilisearch 和 Typesense 等搜索引擎结果的专用系统,以及用于将记录组织成日历单位的基于时间的分页功能。 其广泛的功能涵盖了数组和数据库集合的数据管理,包括记录计数记忆化和页面大小重新平衡。该项目还提供全面的 UI 和可访问性工具,例如 ARIA 标签、从右到左(RTL)布局支持以及与各种 CSS 框架的集成。安全性通过分页参数清理和针对越界请求的错误处理来解决。 该系统可通过全局默认值的中央配置进行扩展,并允许通过模块预置(prepending)覆盖核心逻辑。
Filters and validates incoming URL keys to ensure page and limit values are safe and within range.