Thanks, that did the trick. Got to comb through my templates now though :P.
On Tue, Aug 10, 2010 at 4:01 PM, Magnus Holm <[email protected]> wrote:
> David,
>
> As far as I remember, this should work:
>
> module App
>   set :haml, { :escape_html => true }
> end
>
> You set options (as specified in
> http://github.com/rtomayko/tilt/blob/master/TEMPLATES.md) by:
>
> set :EXTENSION, { :a=> true, :b => false }
>
> // Magnus Holm
>
> On Mon, Aug 9, 2010 at 19:08, David Susco <[email protected]> wrote:
>> Thanks I'll look into the middleware.
>>
>> I know that's how you escape HTML in Haml, what I am asking though is
>> how you set the :escape_html option when all you have is an instance
>> of Tilt.
>>
>> Dave
>>
>> On Mon, Aug 9, 2010 at 12:22 PM, Ted Kimble <[email protected]> wrote:
>>> For cross-site request forgery protection I've simply used the
>>> Rack::Csrf middleware before (http://github.com/baldowl/rack_csrf).
>>> The github page is pretty self explanatory.
>>>
>>> For Haml, you should just be able to set its :escape_html option to
>>> true and then
>>>
>>> %p= @something_nasty
>>>
>>> will be escaped by default. See:
>>>
>>> http://haml-lang.com/docs/yardoc/file.HAML_REFERENCE.html#escape_html-option
>>>
>>> for more info.
>>>
>>> Best,
>>> Ted
>>>
>>> On Mon, Aug 9, 2010 at 9:15 AM, David Susco <[email protected]> wrote:
>>>> Hey guys,
>>>>
>>>> What do people do to protect against cross-site request forgery? To
>>>> mimic what rails does I was thinking of creating a unique key for each
>>>> session, and then in my logged_in? helper checking if the key passed
>>>> by the user matches the one I set in the session.
>>>>
>>>> On the second question, I'm using Tilt with Haml templates. Any idea
>>>> how I can set Haml's :escape_html option so each template escapes all
>>>> HTML within variables?
>>>>
>>>> --
>>>> Dave
>>>> _______________________________________________
>>>> Camping-list mailing list
>>>> [email protected]
>>>> http://rubyforge.org/mailman/listinfo/camping-list
>>
>> --
>> Dave

--
Dave
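
The per-session key check described in the first quoted message of this thread, sketched as an added example; it is not code from any poster in the thread, nor from Camping or Rack::Csrf. The `CsrfToken` module, its method names, the `csrf_token` session key, the plain Hash standing in for the session, and the exemption of GET/HEAD/OPTIONS are all assumptions made for the example.

```ruby
require 'securerandom'

# Hypothetical helper; names are chosen for this example only.
module CsrfToken
  KEY = 'csrf_token' # session key (assumption)

  module_function

  # Return the session's token, creating an unpredictable one on first use.
  def issue(session)
    session[KEY] ||= SecureRandom.hex(32)
  end

  # Constant-time comparison, so the check does not reveal how many
  # leading bytes of a guessed token were correct.
  def secure_compare(a, b)
    return false unless a.is_a?(String) && b.is_a?(String)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end

  # State-changing requests must carry the token stored in the session.
  # Exempting GET/HEAD/OPTIONS is an assumption of this example.
  def valid?(session, request_method, submitted)
    return true if %w[GET HEAD OPTIONS].include?(request_method.to_s.upcase)
    expected = session[KEY]
    return false if expected.nil? || expected.empty?
    secure_compare(expected, submitted)
  end
end

# Constructed sessions and requests exercising the check.
def demo
  session = {}                        # stand-in for the app's session hash
  token   = CsrfToken.issue(session)
  other   = CsrfToken.issue({})       # token belonging to a different session
  {
    same_session:  CsrfToken.valid?(session, 'POST', token),
    missing:       CsrfToken.valid?(session, 'POST', nil),
    cross_session: CsrfToken.valid?(session, 'POST', other),
    no_token_set:  CsrfToken.valid?({}, 'POST', ''),
    safe_method:   CsrfToken.valid?(session, 'GET', nil)
  }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

The token from `issue` would be emitted as a hidden field in each form and passed back to `valid?` from the request parameters before any state change is performed.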

