i have been using the xss_terminate plugin: http://github.com/look/xss_terminate/tree/master
basically it sanitizes values before they are stored in the database: "Installing the plugin creates a +before_save+ hook that will strip HTML tags from all string and text fields. No further configuration is necessary if this is what you want. To customize the behavior, you use the +xss_terminate+ class method." -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk@googlegroups.com To unsubscribe from this group, send email to rubyonrails-talk+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
