For cross-site request forgery protection I've simply used the
Rack::Csrf middleware before (http://github.com/baldowl/rack_csrf).
The GitHub page is pretty self-explanatory.

For Haml, you should just be able to set its :escape_html option to
true and then

    %p= @something_nasty

will be escaped by default. See:

http://haml-lang.com/docs/yardoc/file.HAML_REFERENCE.html#escape_html-option

for more info.

Best,
Ted

On Mon, Aug 9, 2010 at 9:15 AM, David Susco <dsu...@gmail.com> wrote:
> Hey guys,
>
> What do people do to protect against cross-site request forgery? To
> mimic what rails does I was thinking of creating a unique key for each
> session, and then in my logged_in? helper checking if the key passed
> by the user matches the one I set in the session.
>
> On the second question, I'm using Tilt with Haml templates. Any idea
> how I can set Haml's :escape_html option so each template escapes all
> HTML within variables?
>
> --
> Dave
> _______________________________________________
> Camping-list mailing list
> Camping-list@rubyforge.org
> http://rubyforge.org/mailman/listinfo/camping-list
>
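The per-session token check Dave describes, written out as a small Rack-style middleware. This is an added example, not Rack::Csrf's code and not from the Camping project; the `CsrfGuard` class, the `csrf_token` field name, the `X-CSRF-Token` header and the demo scaffolding (`DOWNSTREAM`, `make_env`, `demo`) are all constructed here. It uses only the Ruby standard library, so it runs without the rack gem.

```ruby
# Added example: one random token per session, required on every
# state-changing request, compared in constant time. Not Rack::Csrf's code.
require 'securerandom'
require 'stringio'
require 'uri'
require 'cgi'

class CsrfGuard
  SESSION_KEY  = 'csrf.token'          # where the token lives in the session hash
  FIELD        = 'csrf_token'          # form field the token is submitted under (assumed name)
  HEADER       = 'HTTP_X_CSRF_TOKEN'   # alternative: an X-CSRF-Token request header
  SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

  def initialize(app)
    @app = app
  end

  # Rack entry point: env is the usual Rack environment hash.
  def call(env)
    session = (env['rack.session'] ||= {})
    session[SESSION_KEY] ||= SecureRandom.hex(32)   # one token per session, created lazily

    # Safe methods must not change state, so they need no token;
    # every other method must carry this session's token.
    if SAFE_METHODS.include?(env['REQUEST_METHOD']) || valid_token?(env, session)
      @app.call(env)
    else
      [403, { 'Content-Type' => 'text/plain' }, ['Forbidden: missing or invalid CSRF token']]
    end
  end

  # Helpers for templates: the raw token and a ready-made hidden input.
  def self.token(env)
    env['rack.session'][SESSION_KEY]
  end

  def self.hidden_field(env)
    %(<input type="hidden" name="#{FIELD}" value="#{CGI.escapeHTML(token(env))}">)
  end

  private

  def valid_token?(env, session)
    submitted = submitted_token(env)
    !submitted.nil? && secure_compare(submitted, session[SESSION_KEY])
  end

  # Take the token from the header or from an x-www-form-urlencoded body.
  def submitted_token(env)
    from_header = env[HEADER]
    return from_header if from_header && !from_header.empty?
    return nil unless env['CONTENT_TYPE'].to_s.start_with?('application/x-www-form-urlencoded')
    input = env['rack.input']
    return nil unless input
    body = input.read
    input.rewind if input.respond_to?(:rewind)   # leave the body readable for the app
    pair = URI.decode_www_form(body).find { |name, _| name == FIELD }
    pair && pair[1]
  end

  # Constant-time comparison so a mismatch does not leak the token byte by byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# --- Demo scaffolding (constructed; stands in for a Camping app) ------------
DOWNSTREAM = lambda { |_env| [200, { 'Content-Type' => 'text/plain' }, ['ok']] }

def make_env(method, session, body = nil, headers = {})
  {
    'REQUEST_METHOD' => method,
    'rack.session'   => session,
    'rack.input'     => StringIO.new(body.to_s),
    'CONTENT_TYPE'   => body ? 'application/x-www-form-urlencoded' : nil
  }.merge(headers)
end

# A GET establishes the session token; then POSTs with no token, a wrong
# token, a token from another session, the right token in the form, and the
# right token in the header. Returns the status code of each request.
def demo
  guard   = CsrfGuard.new(DOWNSTREAM)
  session = {}
  get_status  = guard.call(make_env('GET', session))[0]
  token       = CsrfGuard.token('rack.session' => session)
  no_token    = guard.call(make_env('POST', session, 'comment=hi'))[0]
  wrong_token = guard.call(make_env('POST', session, "comment=hi&csrf_token=#{'0' * 64}"))[0]
  other_sess  = guard.call(make_env('POST', { 'csrf.token' => SecureRandom.hex(32) },
                                    "csrf_token=#{token}"))[0]
  good_form   = guard.call(make_env('POST', session, "comment=hi&csrf_token=#{token}"))[0]
  good_header = guard.call(make_env('POST', session, nil, 'HTTP_X_CSRF_TOKEN' => token))[0]
  { get: get_status, no_token: no_token, wrong_token: wrong_token,
    other_session: other_sess, good_form: good_form, good_header: good_header }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

In a real app the middleware is mounted with `use CsrfGuard` and each form includes `CsrfGuard.hidden_field(env)`; the session store must itself be protected (signed or server-side), since the token is only as secret as the session it lives in.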