rails xss plugin

Plugin details

A plugin for rails 2.3 apps which switches the default to escape by default

Website: http://github.com/NZKoz/rails_xss
Repository: git://github.com/NZKoz/rails_xss.git
Author: Michael Koziarski
Tags: EdgeRails, XSS
License: Unknown

Documentation

Install the plugin:
ruby script/plugin install git://github.com/NZKoz/rails_xss.git

This plugin replaces the default ERB template handlers with erubis and switches the behaviour to escape by default, rather than requiring you to escape output yourself. This is consistent with the behaviour in Rails 3.0.

Strings now have a notion of "html safe", which is false by default. Whenever Rails copies a string into the response body it checks whether or not the string is safe: safe strings are copied verbatim into the response body, but unsafe strings are escaped first.

All the XSS-proof helpers like link_to and form_tag now return safe strings and will continue to work unmodified. If you have your own helpers which return strings you know are safe, you will need to explicitly tell Rails that they're safe. For an example, take the following helper.

# Builds its output by hand and returns an ordinary String, which carries
# no "html safe" marking, so the escape-by-default renderer treats it as unsafe.
def some_helper
  (1..5).map do |i|
    "#{i}"
  end.join("\n")
end
Further Documentation

There is currently no advanced documentation for this plugin.

