David,
As far as I remember, this should work:
  module App
    set :haml, { :escape_html => true }
  end
You set options (as specified in
http://github.com/rtomayko/tilt/blob/master/TEMPLATES.md) by:
  set :EXTENSION, { :a => true, :b => false }
// Magnus Holm
On Mon, Aug 9, 2010 at 19:08, David Susco <[email protected]> wrote:
> Thanks I'll look into the middleware.
>
> I know that's how you escape HTML in Haml, what I am asking though is
> how you set the :escape_html option when all you have is an instance
> of Tilt.
>
> Dave
>
> On Mon, Aug 9, 2010 at 12:22 PM, Ted Kimble <[email protected]> wrote:
>> For cross-site request forgery protection I've simply used the
>> Rack::Csrf middleware before (http://github.com/baldowl/rack_csrf).
>> The GitHub page is pretty self-explanatory.
>>
>> For Haml, you should just be able to set its :escape_html option to
>> true and then
>>
>> %p= @something_nasty
>>
>> will be escaped by default. See:
>>
>> http://haml-lang.com/docs/yardoc/file.HAML_REFERENCE.html#escape_html-option
>>
>> for more info.
>>
>> Best,
>> Ted
>>
>> On Mon, Aug 9, 2010 at 9:15 AM, David Susco <[email protected]> wrote:
>>> Hey guys,
>>>
>>> What do people do to protect against cross-site request forgery? To
>>> mimic what Rails does I was thinking of creating a unique key for each
>>> session, and then in my logged_in? helper checking if the key passed
>>> by the user matches the one I set in the session.
>>>
>>> On the second question, I'm using Tilt with Haml templates. Any idea
>>> how I can set Haml's :escape_html option so each template escapes all
>>> HTML within variables?
>>>
>>> --
>>> Dave
>>> _______________________________________________
>>> Camping-list mailing list
>>> [email protected]
>>> http://rubyforge.org/mailman/listinfo/camping-list
>>>
>
>
>
> --
> Dave
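
Added example (not part of the original thread, and not code from Camping or Rack::Csrf): the per-session key David describes in his first message, in plain Ruby. A Hash stands in for the session, and the CsrfToken module, its method names and the 'csrf_token' parameter name are assumptions made for illustration.

```ruby
require 'securerandom'

# Added example. `session` is any Hash-like store kept server-side per user
# (assumption); the module and key names below are hypothetical.
module CsrfToken
  KEY = :csrf_token
  SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

  # Return the token for this session, creating it on first use.
  # 32 random bytes from the OS CSPRNG, hex-encoded (64 characters).
  def self.issue(session)
    session[KEY] ||= SecureRandom.hex(32)
  end

  # Compare without stopping at the first differing byte, so response
  # timing does not reveal how much of a guess was correct.
  def self.secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # True only when a token was issued for this session and the submitted
  # value matches it. A missing token on either side is a failure.
  def self.valid?(session, submitted)
    expected = session[KEY]
    return false unless expected.is_a?(String) && submitted.is_a?(String)
    secure_compare(expected, submitted)
  end

  # Requests that change state must carry the token (for example from a
  # hidden form field); read-only methods are let through.
  def self.request_allowed?(session, http_method, params)
    return true if SAFE_METHODS.include?(http_method.to_s.upcase)
    valid?(session, params['csrf_token'])
  end
end
```

The check belongs in front of every state-changing action, not only in a logged_in? helper, so that forms submitted before login are covered as well.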