Ted,

Do you use Camping::Session with Rack::Csrf? If so, how did you get it to work? Once I include Camping::Session the csrf_token changes every time I call the method.

Can anyone explain what include Camping::Session is actually doing?

Dave

On Mon, Aug 9, 2010 at 12:22 PM, Ted Kimble <t...@tedkimble.com> wrote:
> For cross-site request forgery protection I've simply used the
> Rack::Csrf middleware before (http://github.com/baldowl/rack_csrf).
> The github page is pretty self-explanatory.
>
> For Haml, you should just be able to set its :escape_html option to
> true and then
>
> %p= @something_nasty
>
> will be escaped by default. See:
>
> http://haml-lang.com/docs/yardoc/file.HAML_REFERENCE.html#escape_html-option
>
> for more info.
>
> Best,
> Ted
>
> On Mon, Aug 9, 2010 at 9:15 AM, David Susco <dsu...@gmail.com> wrote:
>> Hey guys,
>>
>> What do people do to protect against cross-site request forgery? To
>> mimic what rails does I was thinking of creating a unique key for each
>> session, and then in my logged_in? helper checking if the key passed
>> by the user matches the one I set in the session.
>>
>> On the second question, I'm using Tilt with Haml templates. Any idea
>> how I can set Haml's :escape_html option so each template escapes all
>> HTML within variables?
>>
>> --
>> Dave
>> _______________________________________________
>> Camping-list mailing list
>> Camping-list@rubyforge.org
>> http://rubyforge.org/mailman/listinfo/camping-list

--
Dave
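The pattern Dave describes in the first message (a unique key per session, compared against the key the user submits) is what a synchronizer-token CSRF check boils down to. The following is an added example for this thread, not Rack::Csrf's code and not Camping's; it is a small Rack-style middleware with a hand-built env so it runs without the rack gem. The names `CsrfGuard`, `SESSION_KEY` and `TOKEN_ENV` are assumptions. Its second scenario shows the symptom reported in the thread in general terms: if the session hash is not carried from one request to the next, the server mints a fresh token on every call and even a well-behaved client is rejected. It does not diagnose what Camping::Session itself does; it only shows that the check is exactly as reliable as the session persistence underneath it.

```ruby
require 'securerandom'

# Minimal CSRF guard in the style of a Rack middleware (constructed for this
# thread; not Rack::Csrf's code and not Camping's). Assumed names:
#   SESSION_KEY - where the per-session token lives in the session hash
#   TOKEN_ENV   - where the caller has placed the token submitted with the form
class CsrfGuard
  SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze
  SESSION_KEY  = 'csrf.token'
  TOKEN_ENV    = 'csrf.submitted_token'

  def initialize(app)
    @app = app
  end

  # Returns the session's token, minting one on first use. The token only stays
  # stable across requests if the session hash itself is persisted.
  def self.token(session)
    session[SESSION_KEY] ||= SecureRandom.hex(32)
  end

  # Constant-time comparison so the check does not leak the token byte by byte.
  def self.secure_equal?(a, b)
    return false if a.nil? || b.nil? || a.bytesize != b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  def call(env)
    session  = env['rack.session'] ||= {}
    expected = self.class.token(session)
    # State-changing methods must echo the session's token back.
    unless SAFE_METHODS.include?(env['REQUEST_METHOD'])
      unless self.class.secure_equal?(expected, env[TOKEN_ENV])
        return [403, { 'Content-Type' => 'text/plain' }, ['CSRF token mismatch']]
      end
    end
    @app.call(env)
  end
end

# Trivial downstream app standing in for a Camping controller.
OK_APP = ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['ok']] }
GUARD  = CsrfGuard.new(OK_APP)

# Build a Rack-like env by hand and return the status code.
def request(method, session, submitted = nil)
  env = { 'REQUEST_METHOD' => method, 'rack.session' => session }
  env[CsrfGuard::TOKEN_ENV] = submitted if submitted
  GUARD.call(env).first
end

# Scenario 1: the same session hash is reused between requests, as a working
# session middleware provides. The token is stable, a form that echoes it back
# is accepted, and a request without it (or with a wrong one) is rejected.
def persisted_session_scenario
  session = {}
  request('GET', session)
  first = CsrfGuard.token(session)
  request('GET', session)
  second = CsrfGuard.token(session)
  {
    stable:   first == second,
    accepted: request('POST', session, first),
    rejected: request('POST', session, nil),
    wrong:    request('POST', session, 'x' * first.bytesize)
  }
end

# Scenario 2: a fresh session hash on every request. The token changes each
# call, so even a client that faithfully echoes the last token it saw is
# rejected, because the server has already minted a different one.
def fresh_session_scenario
  seen = CsrfGuard.token({})   # token handed out with the first response
  {
    stable:   seen == CsrfGuard.token({}),
    accepted: request('POST', {}, seen)
  }
end

if __FILE__ == $PROGRAM_NAME
  p persisted_session_scenario   # stable true; accepted 200; rejected and wrong 403
  p fresh_session_scenario       # stable false; accepted 403
end
```

When wiring a guard like this behind a real session layer, the thing to verify first is that the session object seen by the guard on request N+1 is the same one it populated on request N; if the token printed into the form differs from the one the guard compares against, the session is being reset, not the guard misbehaving.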