I’m using a form_tag in my Rails 3 app for a form not bound to any model. I understand (although please correct me if I’m wrong) that this helper doesn’t have the same sanitisation benefits as the model-bound form_for helper, so I’m manually sanitising all input into the form.
Here’s my controller (just the basics):
    include ActionView::Helpers::TextHelper
    class MyController < ApplicationController
      localVariable = params[:my_form_param].to_s
      localVariable = strip_tags(localVariable)
      localVariable = sanitize(localVariable)
    end
The problem occurs when characters such as Cyrillic letters, Scandinavian characters, and so on, are included in the form field. The following message is returned:
undefined method `bytesize' for nil:NilClass
I’ve narrowed it down to the strip_tags and sanitize methods, but I really need to use them to remove bad input. I’ve tried shifting the to_s method as well to each of the methods (e.g. strip_tags(localVariable.to_s)) but with no luck – the only way I’m sure the form will work is by commenting out these two lines altogether (which, as I say, is something I don’t want to do).
Anyone got any thoughts on this? Is there an alternative approach I could use, bearing in mind I’m not using a model here, so using form_for might be going a bit overboard?
Thanks!
I think I solved this problem, using both Tamer Shlash’s advice and through hacking the code a bit.
The order of the code also seems to be important – do a strip_tags, then a sanitize, then finally add the to_str method, as follows:
The error message no longer appears.
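As an added example (not code from either post), the Ruby below uses only the standard library to handle a non-model form parameter that may be nil, an Array, or contain Cyrillic or Scandinavian characters: it coerces the value to a valid UTF-8 string, then HTML-escapes it at output time rather than stripping tags. `normalize_param`, `render_safe`, `MAX_LEN` and the sample inputs are hypothetical names and constructed values.

```ruby
require 'cgi'

MAX_LEN = 500 # assumed limit for this example, not from the posts

# Hypothetical helper: coerce a raw form parameter to a valid UTF-8 string.
def normalize_param(raw)
  # params can be nil, or an Array/Hash when the field name ends in [];
  # treat anything that is not a String as empty.
  return '' unless raw.is_a?(String)

  text = raw.dup.force_encoding(Encoding::UTF_8) # copy; request bytes may be tagged binary
  text = text.scrub('')                          # drop bytes that are not valid UTF-8
  text = text.delete("\u0000")                   # remove NUL characters
  text.strip[0, MAX_LEN]                         # trim whitespace, cap length in characters
end

# Hypothetical helper: escape at output time so markup is displayed, not interpreted.
def render_safe(raw)
  CGI.escapeHTML(normalize_param(raw))
end

# Constructed sample inputs: nil, plain UTF-8, binary-tagged UTF-8 bytes,
# an invalid byte sequence, and markup mixed with a Cyrillic letter.
samples = [nil, 'Привет, Åse', "\xD0\x96".b, "ok\xFF".b, '<b>Ж</b>']
samples.each { |s| puts "#{s.inspect} -> #{render_safe(s).inspect}" }
```

Non-ASCII text passes through unchanged, invalid bytes are dropped, and angle brackets are shown as text instead of being interpreted as HTML.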