Hey guys,

What do people do to protect against cross-site request forgery? To mimic what Rails does, I was thinking of creating a unique key for each session, and then in my logged_in? helper checking if the key passed by the user matches the one I set in the session.

On the second question, I'm using Tilt with Haml templates. Any idea how I can set Haml's :escape_html option so each template escapes all HTML within variables?

-- Dave

_______________________________________________
Camping-list mailing list
Camping-list@rubyforge.org
http://rubyforge.org/mailman/listinfo/camping-list
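
The per-session key check described in the post above, as an added example that is not part of the original message and is not Camping's or Rails' own code. The `CsrfGuard` module, the `csrf_token` field name, and the plain Hashes standing in for the session and params are assumptions; it also assumes GET, HEAD and OPTIONS requests never change state.

```ruby
require 'securerandom'

# Hypothetical helper: `session` is a Hash standing in for the framework's
# session store, `params` a Hash of submitted form fields.
module CsrfGuard
  FIELD = 'csrf_token'                       # assumed field/session key name
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze # assumed never to change state

  # Issue the per-session key once; every form in the session reuses it.
  def self.token_for(session)
    session[FIELD] ||= SecureRandom.hex(32)
  end

  # Hidden input to embed in each form that submits a state-changing request.
  def self.hidden_field(session)
    %(<input type="hidden" name="#{FIELD}" value="#{token_for(session)}">)
  end

  # Compare every byte so response timing does not reveal a matching prefix.
  def self.secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # The check a logged_in?-style helper would call on each request.
  def self.request_allowed?(session, http_method, params)
    return true if SAFE_METHODS.include?(http_method.to_s.upcase)
    expected = session[FIELD]
    return false if expected.nil?            # no key issued yet: reject
    secure_compare(expected, params[FIELD])
  end
end

# Constructed sample requests, not taken from a real application.
def csrf_demo
  session = {}
  token = CsrfGuard.token_for(session)
  {
    form_post:     CsrfGuard.request_allowed?(session, 'POST', CsrfGuard::FIELD => token),
    missing_key:   CsrfGuard.request_allowed?(session, 'POST', {}),
    wrong_key:     CsrfGuard.request_allowed?(session, 'POST', CsrfGuard::FIELD => 'x' * 64),
    other_session: CsrfGuard.request_allowed?({}, 'POST', CsrfGuard::FIELD => token),
    plain_get:     CsrfGuard.request_allowed?(session, 'GET', {})
  }
end
```

Only a request carrying the key issued to its own session passes; a cross-site form cannot read that key, so its POST arrives without it and is rejected.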