For cross-site request forgery protection I've simply used the Rack::Csrf middleware before (http://github.com/baldowl/rack_csrf). The GitHub page is pretty self-explanatory.

For Haml, you should just be able to set its :escape_html option to true, and then %p= @something_nasty will be escaped by default. See http://haml-lang.com/docs/yardoc/file.HAML_REFERENCE.html#escape_html-option for more info.

Best,
Ted

On Mon, Aug 9, 2010 at 9:15 AM, David Susco <dsu...@gmail.com> wrote:
> Hey guys,
>
> What do people do to protect against cross-site request forgery? To
> mimic what Rails does I was thinking of creating a unique key for each
> session, and then in my logged_in? helper checking if the key passed
> by the user matches the one I set in the session.
>
> On the second question, I'm using Tilt with Haml templates. Any idea
> how I can set Haml's :escape_html option so each template escapes all
> HTML within variables?
>
> --
> Dave
> _______________________________________________
> Camping-list mailing list
> Camping-list@rubyforge.org
> http://rubyforge.org/mailman/listinfo/camping-list
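A stand-alone illustration of the per-session token scheme David describes, added here as an example (it is not Rack::Csrf and not code from the list): a Rack-compatible middleware that uses only the Ruby standard library, so it runs without the rack gem. The session key 'csrf.token' and the form field name '_csrf' are assumed names.

```ruby
require 'securerandom'
require 'stringio'
require 'uri'

# Rack-style CSRF middleware: one random token per session, checked on
# every state-changing request. It only needs an env hash carrying
# 'rack.session' (a Hash) and 'rack.input' (an IO), as Rack provides.
class SessionCsrf
  SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze
  KEY   = 'csrf.token'.freeze  # session key (assumed name)
  FIELD = '_csrf'.freeze       # form field name (assumed name)

  def initialize(app)
    @app = app
  end

  # Returns the session's token, generating it on first use. A template
  # embeds this value in a hidden form field named FIELD.
  def self.token(session)
    session[KEY] ||= SecureRandom.hex(32)
  end

  def call(env)
    session  = env['rack.session'] ||= {}
    expected = self.class.token(session)
    return @app.call(env) if SAFE_METHODS.include?(env['REQUEST_METHOD'])

    input = env['rack.input']
    body  = input ? input.read.to_s : ''
    input.rewind if input.respond_to?(:rewind)   # leave the body for the app
    submitted = URI.decode_www_form(body).to_h[FIELD]

    if submitted && secure_compare(submitted, expected)
      @app.call(env)
    else
      [403, { 'Content-Type' => 'text/plain' }, ['Forbidden: invalid CSRF token']]
    end
  end

  private

  # Constant-time comparison so the check does not leak the token via timing.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```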