Module ActiveRecord::CrossSiteSniperExtensions::ClassMethods
In: lib/cross_site_sniper.rb

Methods

Public Instance methods

This optional method fine-tunes which string and text fields are automatically escaped. If html_escape is never called, all automatically generated accessor methods tied to string and text fields in the database are automatically escaped.

Configuration Options:

  • only - specifies a list of column names to escape.
  • except - specifies a list of column names not to escape.
  • none - disables automatic escaping for the entire class.
  • all - (default) auto-escapes all fields. Same as not calling html_escape at all.

Examples

  class Snipe < ActiveRecord::Base
    html_escape :only => [:species, :genus]
  # *OR*
    html_escape :except => :description
  # *OR*
    html_escape :none
  # *OR*
    html_escape :all   # Same as not calling html_escape at all.
  end

[Source]

     # File lib/cross_site_sniper.rb, line 104
     def html_escape(opts = {})
       # A bare symbol (html_escape :none) is normalised to {:none => true}.
       opts = {opts => true} unless opts.is_a?(Hash)
       opts.assert_valid_keys(:only, :except, :none, :all)
       class_eval do
         # Precedence when several keys are given: :except, then :only, then :none.
         if opts[:except]
           @cross_site_sniper_excepted_fields = [opts[:except]].flatten
         elsif opts[:only]
           @cross_site_sniper_only_fields = [opts[:only]].flatten
         elsif opts[:none]
           # An empty "only" list means no field is escaped.
           @cross_site_sniper_only_fields = Array.new
         end
         # :all sets nothing here, so the default (escape everything) applies.
       end
     end
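
The following is an added example, not code from the plugin: a stand-alone model of the documented option semantics, showing which accessors of the Snipe model would return escaped values under each setting. The helper names (`escaped_columns`, `read_attributes`), the schema and the row are constructed for illustration, and the example assumes that only string and text columns are ever eligible for escaping.

```ruby
require 'cgi'

# Constructed schema for the page's Snipe model: column name => column type.
SNIPE_COLUMNS = { :species => :string, :genus => :string,
                  :description => :text, :wingspan_cm => :integer }

# Hypothetical helper: resolve html_escape options to the list of escaped
# columns, using the same key precedence as the source listing.
def escaped_columns(columns, opts = {})
  opts = { opts => true } unless opts.is_a?(Hash) # :none becomes {:none => true}
  unknown = opts.keys - [:only, :except, :none, :all]
  raise ArgumentError, "Unknown key(s): #{unknown.inspect}" unless unknown.empty?
  # Assumption: only string and text columns are candidates for escaping.
  textual = columns.select { |_, type| [:string, :text].include?(type) }.keys
  if opts[:except]
    textual - [opts[:except]].flatten
  elsif opts[:only]
    textual & [opts[:only]].flatten
  elsif opts[:none]
    []
  else
    textual # :all, or html_escape never called
  end
end

# Hypothetical helper: the value a caller would read back for each column.
def read_attributes(row, columns, opts = {})
  escape = escaped_columns(columns, opts)
  row.each_with_object({}) do |(name, value), out|
    out[name] = escape.include?(name) ? CGI.escapeHTML(value.to_s) : value
  end
end

# Constructed row with markup in the textual columns.
ROW = { :species => "<b>gallinago</b>", :genus => "Gallinago",
        :description => "<script>alert(1)</script>", :wingspan_cm => 44 }

if __FILE__ == $0
  [{}, :all, :none, { :only => [:species, :genus] },
   { :except => :description }].each do |opts|
    puts "#{opts.inspect} => #{read_attributes(ROW, SNIPE_COLUMNS, opts).inspect}"
  end
end
```

Any column left out through `:except`, `:only` or `:none` comes back exactly as stored, so a view that renders it has to escape it explicitly.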
