Thanks, I'll look into the middleware. I know that's how you escape HTML in Haml; what I'm asking though is how you set the :escape_html option when all you have is an instance of Tilt.

Dave

On Mon, Aug 9, 2010 at 12:22 PM, Ted Kimble <[email protected]> wrote:
> For cross-site request forgery protection I've simply used the
> Rack::Csrf middleware before (http://github.com/baldowl/rack_csrf).
> The github page is pretty self explanatory.
>
> For Haml, you should just be able to set its :escape_html option to
> true and then
>
> %p= @something_nasty
>
> will be escaped by default. See:
>
> http://haml-lang.com/docs/yardoc/file.HAML_REFERENCE.html#escape_html-option
>
> for more info.
>
> Best,
> Ted
>
> On Mon, Aug 9, 2010 at 9:15 AM, David Susco <[email protected]> wrote:
>> Hey guys,
>>
>> What do people do to protect against cross-site request forgery? To
>> mimic what rails does I was thinking of creating a unique key for each
>> session, and then in my logged_in? helper checking if the key passed
>> by the user matches the one I set in the session.
>>
>> On the second question, I'm using Tilt with Haml templates. Any idea
>> how I can set Haml's :escape_html option so each template escapes all
>> HTML within variables?
>>
>> --
>> Dave
>> _______________________________________________
>> Camping-list mailing list
>> [email protected]
>> http://rubyforge.org/mailman/listinfo/camping-list

--
Dave
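
The per-session key check described in the original question, as an added example that is not part of the thread and is not Rack::Csrf's or Camping's own code. The `CsrfToken` module, the `csrf_token` key and parameter name, and the Hash standing in for the session are all assumptions.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical helper; `session` is any Hash-like per-user session store.
module CsrfToken
  KEY = :csrf_token # session key name is an assumption

  # Return the session's token, creating it on first use.
  def self.issue(session)
    session[KEY] ||= SecureRandom.hex(32)
  end

  # True only when the submitted value matches the token stored in the session.
  def self.valid?(session, submitted)
    expected = session[KEY]
    return false unless expected.is_a?(String) && submitted.is_a?(String)
    # Hash both sides so the comparison always covers equal-length strings,
    # then OR the byte differences together instead of stopping at the first
    # mismatch, so timing does not reveal how much of the token was right.
    a = Digest::SHA256.digest(expected).bytes
    b = Digest::SHA256.digest(submitted).bytes
    a.zip(b).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # Gate for state-changing requests; read-only methods pass without a token.
  def self.request_allowed?(session, method, params)
    return true if %w[GET HEAD OPTIONS].include?(method.to_s.upcase)
    valid?(session, params['csrf_token'])
  end
end

# Constructed sample: one session and four requests against it.
session = {}
token = CsrfToken.issue(session)
results = {
  get_without_token: CsrfToken.request_allowed?(session, 'GET', {}),
  post_with_token: CsrfToken.request_allowed?(session, 'POST', { 'csrf_token' => token }),
  post_wrong_token: CsrfToken.request_allowed?(session, 'POST', { 'csrf_token' => 'guess' }),
  post_missing_token: CsrfToken.request_allowed?(session, 'POST', {})
}
puts results.inspect
```

The token from `CsrfToken.issue` would be rendered into each form as a hidden field, and the template output still needs escaping as discussed in the thread.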

