PP Junty wrote:
> i have been using the xss_terminate plugin:
>
> http://github.com/look/xss_terminate/tree/master
>
> basically it sanitizes values before they are stored in the database:
>
> "Installing the plugin creates a +before_save+ hook that will strip HTML
> tags from all string and text fields. No further configuration is
> necessary if this is what you want. To customize the behavior, you use
> the +xss_terminate+ class method."
Somebody also suggested replacing all "<" with "< ", and it seems like it can be a very rude form of preventing malicious code? Thanks.

--
Posted via http://www.ruby-forum.com/.
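To make the trade-off between the two ideas in this thread concrete, here is an added example in plain Ruby (not code from the thread and not xss_terminate's implementation). It puts the "replace `<` with `< `" trick, a before_save-style tag stripper, and render-time escaping side by side on a few constructed inputs. `space_after_lt`, `strip_tags`, `escape_for_html`, `contains_tag?` and `roundtrip_via_escape?` are hypothetical helper names chosen for the example; only `ERB::Util.html_escape` and `CGI.unescapeHTML` are real stdlib calls.

```ruby
require "erb"
require "cgi"

# Constructed sample inputs for the comparison (not taken from the thread).
SAMPLES = {
  "plain"  => "Ruby on Rails",
  "math"   => "if a < b then b > a",
  "markup" => "<b>bold</b>",
  "script" => "<script>alert(1)</script>",
}.freeze

# The trick suggested in the thread: put a space after every "<" so the
# text can no longer start a tag. Note that it rewrites the stored data.
def space_after_lt(str)
  str.gsub("<", "< ")
end

# A stdlib stand-in for a before_save tag-stripping hook (hypothetical;
# xss_terminate's own stripper is not reproduced here). Anything shaped
# like a tag is deleted, so the original text is lost permanently.
def strip_tags(str)
  str.gsub(/<[^>]*>/, "")
end

# Escape at output time instead: every character with HTML meaning becomes
# an entity, the stored value stays untouched, and the browser displays the
# user's text verbatim.
def escape_for_html(str)
  ERB::Util.html_escape(str)
end

# Does the result still contain something a browser would read as a tag?
# (A tag open state needs "<" directly followed by a letter or "/".)
def contains_tag?(html)
  html.match?(%r{<[a-z/][^>]*>}i)
end

# Escaping is reversible: the original string can always be recovered from
# the escaped form, which is why escaping belongs at render time rather than
# at storage time. Stripping and the "< " rewrite are not reversible.
def roundtrip_via_escape?(str)
  CGI.unescapeHTML(escape_for_html(str)) == str
end

# Run all three approaches over the samples. Returns
#   { sample name => { approach => [output, still contains a tag?] } }
def compare(samples = SAMPLES)
  samples.transform_values do |s|
    {
      "space_after_lt" => [space_after_lt(s), contains_tag?(space_after_lt(s))],
      "strip_tags"     => [strip_tags(s),     contains_tag?(strip_tags(s))],
      "html_escape"    => [escape_for_html(s), contains_tag?(escape_for_html(s))],
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare.each do |name, results|
    puts "#{name}:"
    results.each { |approach, (out, tag)| puts "  #{approach.ljust(15)} #{out.inspect}  tag?=#{tag}" }
  end
end
```

Running it shows the practical difference: all three approaches leave the `<script>` sample without a parsable tag, but `space_after_lt` and `strip_tags` change what is stored (`"if a < b"` becomes `"if a <  b"`, `"<b>bold</b>"` becomes `"bold"`) and cannot be undone, while `escape_for_html` only changes the rendered bytes and round-trips back to the original. That is the reason output escaping, rather than save-time sanitizing, is the usual recommendation: the database keeps the real data, and each place that renders it decides how to encode it for its own context.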