Dave Aronson wrote:
> On Tue, Aug 17, 2010 at 11:18, Kaspir Ghost <li...@ruby-forum.com> 
> wrote:
> 
>> I couldn't put links in my
>> posts. I mean I can write links yes, but what I want to do is this:
>>
>> [code]
>> blah blah blah <a href="http://www.site.com">site</a> blah blah blah
>> [/code]
> 
> Looks to me like you're running afoul of HTML sanitization.  This is
> in fact for your (or rather, your users') protection, against
> cross-site-scripting attacks.  If you REALLY want to do that sort of
> thing, you can explicitly mark the string as being already HTML-safe.
> I'll leave it to you to find out how to do that, as this is a serious
> vulnerability, not to be left unprotected-against lightly.
> 
> Alternately, there are probably some plugins/gems/whatever that will
> let your users insert a *limited subset* of tags, including links...
> though of course the targets may contain cross-site-scripting
> attacks....
> 
> -Dave

Thanks for your reply!

I am the only user on the site. Does either option still present a 
threat for me?
> 
> --
> Specialization is for insects. -RAH  | Have Pun, Will Babble! -me
> Programming Blog: http://codosaur.us | Work: http://davearonson.com
> Leadership Blog:  http://dare2xl.com | Play: http://davearonson.net
> * * * * * WATCH THIS SPACE * * * * * | Ruby: http://mars.groupsite.com

-- 
Posted via http://www.ruby-forum.com/.
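An added example, not code from this thread or from Rails itself, of the "limited subset of tags" approach Dave describes, written in plain Ruby with only the standard library: escape the whole string first, then restore only links whose target is an absolute http(s) URL, so a `javascript:` target or an extra attribute such as `onclick` stays as harmless escaped text. The `rel="nofollow"` attribute and the function name are my choices.

```ruby
require "cgi"

# Pattern matched against text that has ALREADY been HTML-escaped by
# CGI.escapeHTML, so it can only ever see entities, never raw markup.
# Group 1: href, restricted to absolute http(s) URLs (an "&" in the query
# string appears as "&amp;" here, which is also correct inside an attribute).
# Group 2: link text, made of escaped characters only.
SAFE_LINK = %r{
  &lt;a\ href=&quot;
    (https?://(?:[^\s&]|&amp;)+)              # 1: validated href
  &quot;&gt;
    ((?:[^&]|&(?:amp|lt|gt|quot|\#39);)+?)    # 2: escaped link text
  &lt;/a&gt;
}x

# Escape everything, then reconstruct only the links that match SAFE_LINK.
# Anything else the user typed (script tags, javascript: targets, event
# handler attributes) remains escaped and is rendered as literal text.
def render_with_links(text)
  CGI.escapeHTML(text).gsub(SAFE_LINK) do
    %(<a href="#{$1}" rel="nofollow">#{$2}</a>)
  end
end

# Constructed sample input in the shape of the post from the thread.
if __FILE__ == $PROGRAM_NAME
  puts render_with_links('blah <a href="http://www.site.com">site</a> blah')
  puts render_with_links('<a href="javascript:alert(1)">click</a>')
end
```

The output of the second call keeps its `&lt;`/`&gt;` entities, which is the behaviour to check for whenever the link target is anything other than an http(s) URL.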
