Badminton on Rails
  • Sanitize your output in Ruby on Rails

    Posted on October 30th, 2008 Raymond Law 1 comment

    We all know about the holy h() method that escapes your output when you write <%=h blah %>. But how many of us can claim we remember to use it everywhere it’s appropriate during development, 100% of the time? Can you swear you’ve never missed one? Moreover, it’s a mental distraction to think about logic and h() at the same time. And when you take over a Rails project midway, how can you ensure the previous developers used h()?

    Here’s the rescue.

    safe_erb + footnotes

    I don’t think I need to explain more. Just use it and you will find all those places where you should sanitize your output with h(), sanitize(), untaint(), etc.
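    As an added example (not code from this post, and not the safe_erb or footnotes plugins themselves), the Ruby below uses the standard-library ERB::Util, whose h() alias is the same html_escape the Rails h() helper wraps, to render one view fragment with and without h() on a constructed attacker-controlled string. It also includes a crude lexical audit that lists <%= %> output tags not wrapped in h(), html_escape() or sanitize(); that audit is my own approximation of “find the places that need escaping” and is not how safe_erb works (safe_erb taints request data and catches unescaped output at run time), so treat its regex and helper names as assumptions.

```ruby
require 'erb'

# Added example, not from the original post. ERB::Util provides html_escape
# and its alias h(), which is what the Rails h() helper wraps.
include ERB::Util

# Constructed attacker-controlled input, e.g. a comment body from a form.
UNTRUSTED_BODY = %q{<script>alert("xss")</script> & "quotes"}

# The same view fragment written twice: once forgetting h(), once using it.
UNSAFE_TEMPLATE = '<p class="comment"><%= body %></p>'
SAFE_TEMPLATE   = '<p class="comment"><%=h body %></p>'

# Render an ERB template with the local `body` visible to the template code,
# just as a Rails view sees its instance variables and locals.
def render(template, body)
  ERB.new(template).result(binding)
end

# Crude lexical audit (assumption, not safe_erb): return every <%= ... %>
# expression that does not start with h(, html_escape( or sanitize(.
# It cannot see run-time taint and will flag expressions that are safe for
# other reasons, so it is a review aid, not a guarantee.
def unescaped_output_tags(template)
  template.scan(/<%=\s*(.*?)\s*%>/m).flatten.reject do |expr|
    expr =~ /\A(?:h|html_escape|sanitize)\s*[\(\s]/
  end
end

if __FILE__ == $0
  puts render(UNSAFE_TEMPLATE, UNTRUSTED_BODY)
  # => <p class="comment"><script>alert("xss")</script> & "quotes"</p>
  puts render(SAFE_TEMPLATE, UNTRUSTED_BODY)
  # => <p class="comment">&lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt; &amp; &quot;quotes&quot;</p>
  p unescaped_output_tags(UNSAFE_TEMPLATE + SAFE_TEMPLATE)
  # => ["body"]
end
```

    Running the file shows the first render handing the raw <script> tag straight back to the browser, while the h() version turns <, >, & and " into entities; the audit reports only the unescaped `body` tag.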


    One response to “Sanitize your output in Ruby on Rails”

    1. Alexwebmaster

      Hello webmaster
      I would like to share with you a link to your site
      write me here preonrelt@mail.ru
