It’s been nice to see that there’s some interest in Acts As Sanitized.
John Nunemaker referred me to the White List plugin by Rick Olsen, which seeks to solve a similar problem but for views, not models. Rick himself then mentioned that the
sanitize method passes only a fraction of the test cases that he’s adapted from Rsnake’s XSS Cheat Sheet, something I’m well aware of.
Over the next couple days I’ll be expanding my test cases to encompass the XSS Cheat Sheet. Beyond that, I’ll be providing an enhanced filter along the lines of Rick’s solution. Rick has clearly done the difficult legwork here; the rest is just a matter of approach and implementation details.
Any other feature requests while I’m at it?