Great; sorry for the delay, but I've been here in the last days :-) http://upload.wikimedia.org/wikipedia/commons/b/bd/Preikestolen_Norge.jpg
// Magnus Holm

On Tue, Aug 10, 2010 at 22:50, David Susco <[email protected]> wrote:
> Thanks, that did the trick. Got to comb through my templates now though :P.
>
> On Tue, Aug 10, 2010 at 4:01 PM, Magnus Holm <[email protected]> wrote:
>> David,
>>
>> As far as I remember, this should work:
>>
>> module App
>>   set :haml, { :escape_html => true }
>> end
>>
>> You set options (as specified in
>> http://github.com/rtomayko/tilt/blob/master/TEMPLATES.md) by:
>>
>> set :EXTENSION, { :a => true, :b => false }
>>
>> // Magnus Holm
>>
>> On Mon, Aug 9, 2010 at 19:08, David Susco <[email protected]> wrote:
>>> Thanks I'll look into the middleware.
>>>
>>> I know that's how you escape HTML in Haml, what I am asking though is
>>> how you set the :escape_html option when all you have is an instance
>>> of Tilt.
>>>
>>> Dave
>>>
>>> On Mon, Aug 9, 2010 at 12:22 PM, Ted Kimble <[email protected]> wrote:
>>>> For cross-site request forgery protection I've simply used the
>>>> Rack::Csrf middleware before (http://github.com/baldowl/rack_csrf).
>>>> The github page is pretty self-explanatory.
>>>>
>>>> For Haml, you should just be able to set its :escape_html option to
>>>> true and then
>>>>
>>>> %p= @something_nasty
>>>>
>>>> will be escaped by default. See:
>>>>
>>>> http://haml-lang.com/docs/yardoc/file.HAML_REFERENCE.html#escape_html-option
>>>>
>>>> for more info.
>>>>
>>>> Best,
>>>> Ted
>>>>
>>>> On Mon, Aug 9, 2010 at 9:15 AM, David Susco <[email protected]> wrote:
>>>>> Hey guys,
>>>>>
>>>>> What do people do to protect against cross-site request forgery? To
>>>>> mimic what rails does I was thinking of creating a unique key for each
>>>>> session, and then in my logged_in? helper checking if the key passed
>>>>> by the user matches the one I set in the session.
>>>>>
>>>>> On the second question, I'm using Tilt with Haml templates. Any idea
>>>>> how I can set Haml's :escape_html option so each template escapes all
>>>>> HTML within variables?
>>>>>
>>>>> --
>>>>> Dave
>>>>> _______________________________________________
>>>>> Camping-list mailing list
>>>>> [email protected]
>>>>> http://rubyforge.org/mailman/listinfo/camping-list
>>>
>>> --
>>> Dave
>
> --
> Dave
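
The per-session key check described in the first message of the thread, as an added example that is not part of the original messages and is not code from Camping or Rack::Csrf. A plain Hash stands in for the session, and the names `csrf_token`, `csrf_ok?`, `secure_compare` and the `:csrf` key are assumptions made for illustration.

```ruby
require 'securerandom'

# Methods that should not change state and are therefore not checked.
SAFE_METHODS = %w[GET HEAD OPTIONS].freeze

# Return the session's key, generating it once per session.
# `session` is any Hash-like store (assumption: a plain Hash here).
def csrf_token(session)
  session[:csrf] ||= SecureRandom.hex(32)
end

# Compare without stopping at the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# True when the request may proceed: safe method, or the submitted key
# matches the one stored in the session.
def csrf_ok?(session, request_method, submitted)
  return true if SAFE_METHODS.include?(request_method.to_s.upcase)
  expected = session[:csrf]
  return false unless expected.is_a?(String) && submitted.is_a?(String)
  secure_compare(expected, submitted)
end

# Constructed requests: [method, key sent by the client]
session = {}
token = csrf_token(session)
[
  ['GET',  nil],        # read-only request, not checked
  ['POST', token],      # form rendered by the app, key embedded in it
  ['POST', nil],        # cross-site form: no key present
  ['POST', 'a' * 64],   # key that does not match the session
].each do |verb, sent|
  puts format('%-4s %-8s %s', verb, sent ? sent[0, 6] + '..' : '(none)',
              csrf_ok?(session, verb, sent) ? 'accept' : 'reject')
end
```

The key has to be rendered into every state-changing form as a hidden field, which is why turning on `:escape_html` and adding the check usually go together when combing through templates.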

