Now that looks like a fun climb. =)

Dave

On Tue, Aug 10, 2010 at 5:25 PM, Magnus Holm <[email protected]> wrote:
> Great; sorry for the delay, but I've been here in the last days :-)
>
> http://upload.wikimedia.org/wikipedia/commons/b/bd/Preikestolen_Norge.jpg
>
> // Magnus Holm
>
> On Tue, Aug 10, 2010 at 22:50, David Susco <[email protected]> wrote:
>> Thanks, that did the trick. Got to comb through my templates now though :P.
>>
>> On Tue, Aug 10, 2010 at 4:01 PM, Magnus Holm <[email protected]> wrote:
>>> David,
>>>
>>> As far as I remember, this should work:
>>>
>>>   module App
>>>     set :haml, { :escape_html => true }
>>>   end
>>>
>>> You set options (as specified in
>>> http://github.com/rtomayko/tilt/blob/master/TEMPLATES.md) by:
>>>
>>>   set :EXTENSION, { :a=> true, :b => false }
>>>
>>> // Magnus Holm
>>>
>>> On Mon, Aug 9, 2010 at 19:08, David Susco <[email protected]> wrote:
>>>> Thanks, I'll look into the middleware.
>>>>
>>>> I know that's how you escape HTML in Haml, what I am asking though is
>>>> how you set the :escape_html option when all you have is an instance
>>>> of Tilt.
>>>>
>>>> Dave
>>>>
>>>> On Mon, Aug 9, 2010 at 12:22 PM, Ted Kimble <[email protected]> wrote:
>>>>> For cross-site request forgery protection I've simply used the
>>>>> Rack::Csrf middleware before (http://github.com/baldowl/rack_csrf).
>>>>> The GitHub page is pretty self-explanatory.
>>>>>
>>>>> For Haml, you should just be able to set its :escape_html option to
>>>>> true and then
>>>>>
>>>>>   %p= @something_nasty
>>>>>
>>>>> will be escaped by default. See:
>>>>>
>>>>> http://haml-lang.com/docs/yardoc/file.HAML_REFERENCE.html#escape_html-option
>>>>>
>>>>> for more info.
>>>>>
>>>>> Best,
>>>>> Ted
>>>>>
>>>>> On Mon, Aug 9, 2010 at 9:15 AM, David Susco <[email protected]> wrote:
>>>>>> Hey guys,
>>>>>>
>>>>>> What do people do to protect against cross-site request forgery? To
>>>>>> mimic what rails does I was thinking of creating a unique key for each
>>>>>> session, and then in my logged_in? helper checking if the key passed
>>>>>> by the user matches the one I set in the session.
>>>>>>
>>>>>> On the second question, I'm using Tilt with Haml templates. Any idea
>>>>>> how I can set Haml's :escape_html option so each template escapes all
>>>>>> HTML within variables?
>>>>>>
>>>>>> --
>>>>>> Dave
>>>>>> _______________________________________________
>>>>>> Camping-list mailing list
>>>>>> [email protected]
>>>>>> http://rubyforge.org/mailman/listinfo/camping-list
>>>>
>>>> --
>>>> Dave
>>
>> --
>> Dave

--
Dave
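The per-session key check that the first message in the thread describes, as an added example that is not part of the original thread and is not code from Camping or Rack::Csrf. The module name `CsrfToken`, the `:csrf_token` session slot and the plain Hash standing in for the session are assumptions made for illustration.

```ruby
require 'securerandom'

# Hypothetical helper (not Camping's or Rack::Csrf's API).
module CsrfToken
  SESSION_KEY  = :csrf_token                   # assumed session slot name
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze   # requests that must not change state

  # Return this session's token, creating it on first use.
  # SecureRandom.hex(32) gives 64 hex characters from the system CSPRNG.
  def self.issue(session)
    session[SESSION_KEY] ||= SecureRandom.hex(32)
  end

  # Compare every byte regardless of where the first mismatch is, so the
  # response time does not reveal how much of a guess was correct.
  def self.secure_equal?(a, b)
    return false unless a.is_a?(String) && b.is_a?(String)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # True when the request may proceed: safe methods pass, anything else must
  # carry the token that was stored in the session when the form was rendered.
  def self.valid_request?(session, http_method, submitted)
    return true if SAFE_METHODS.include?(http_method.to_s.upcase)
    expected = session[SESSION_KEY]
    return false if expected.nil?              # no token issued: reject, never "nil == nil"
    secure_equal?(expected, submitted)
  end
end

if __FILE__ == $PROGRAM_NAME
  session = {}                                 # constructed stand-in for the session store
  token   = CsrfToken.issue(session)           # embed this in a hidden form field
  puts CsrfToken.valid_request?(session, 'POST', token)     # form from our own page
  puts CsrfToken.valid_request?(session, 'POST', nil)       # forged cross-site POST
  puts CsrfToken.valid_request?(session, 'POST', 'f' * 64)  # guessed token
end
```

The token goes into a hidden field of every state-changing form, and the check runs before the controller acts on any non-GET request.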

