irfani YangBaikHati wrote:
>   # Escape special characters in HTML, namely &\"<>
>   #   CGI::escapeHTML('Usage: foo "bar" <baz>')
>   #      # => "Usage: foo &quot;bar&quot; &lt;baz&gt;"
>   def CGI::escapeHTML(string)
>     string.gsub(/&/n, '&amp;').gsub(/\"/n, '&quot;').gsub(/>/n, '&gt;').gsub(/</n, '&lt;')
>   end
> 
> 
> 
> 2008/11/26 Devin Maggots <[EMAIL PROTECTED]>
> 
>>   I would like to ask, does anyone know the details of the function
>> (its contents, or which functions it is built from)
>> CGI::escapeHTML(value), which is usually used to prevent XSS in Ruby on
>> Rails? Or maybe there is a reference for it? I have already browsed
>> Google but I did not find it. Thank you for your answers

r:i arie$ fastri-server &
[1] 541
r:i arie$ Looking for Ring server...
No Ring server found, starting my own.
fastri-server 0.0.1 (FastRI 0.3.1) listening on druby://127.0.0.1:49509
ACL:
deny  all
allow 127.0.0.1

r:i arie$ fri ERB::Util#html_escape
-------------------------------------------------- ERB::Util#html_escape
      html_escape(s)
------------------------------------------------------------------------
      A utility method for escaping HTML tag characters in s.

        require "erb"
        include ERB::Util

        puts html_escape("is a > 0 & a < 10?")

      Generates

        is a &gt; 0 &amp; a &lt; 10?


      (also known as h)
r:i arie$


-- 
http://ariekusumaatmaja.wordpress.com/about
Testing is in the DNA of the Ruby community
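
An added example, not part of the original thread: it checks which HTML output contexts are covered by the four-substitution `escapeHTML` quoted above versus `ERB::Util.html_escape` as shipped with current Ruby releases (which also escapes `'` as `&#39;`). The helper names, the sample value and the three templates are constructed for illustration.

```ruby
require "erb"

# Copy of the four-substitution escapeHTML quoted in the thread, under a
# hypothetical name so the real CGI method is not overridden (/n flags dropped).
def escape_html_quoted(string)
  string.gsub(/&/, "&amp;").gsub(/"/, "&quot;").gsub(/>/, "&gt;").gsub(/</, "&lt;")
end

# Constructed sample value containing all five HTML metacharacters.
SAMPLE = %q{Tom & "Jerry" <b> it's}

# Templates for three output contexts (hypothetical markup).
CONTEXTS = {
  body:    "<p>%s</p>",
  dq_attr: '<input value="%s">',
  sq_attr: "<input value='%s'>",
}

# Characters that must not survive unescaped in each context.
FORBIDDEN = {
  body:    /[<>]/,
  dq_attr: /[<>"]/,
  sq_attr: /[<>']/,
}

# An ampersand that does not start one of the entities produced here.
BARE_AMP = /&(?!(?:amp|quot|lt|gt|#39);)/

# Returns the contexts in which the escaper's output is still unsafe.
def unsafe_contexts(escaper)
  escaped = escaper.call(SAMPLE)
  CONTEXTS.keys.select do |ctx|
    escaped.match?(FORBIDDEN[ctx]) || escaped.match?(BARE_AMP)
  end
end

# Interpolates the escaped sample into the template for one context.
def render(escaper, ctx)
  format(CONTEXTS[ctx], escaper.call(SAMPLE))
end

if __FILE__ == $0
  { "quoted 2008 code" => method(:escape_html_quoted),
    "ERB::Util.html_escape" => ERB::Util.method(:html_escape) }.each do |name, esc|
    puts "#{name}: unsafe in #{unsafe_contexts(esc).inspect}"
    CONTEXTS.each_key { |ctx| puts "  #{ctx}: #{render(esc, ctx)}" }
  end
end
```

Neither escaper covers unquoted attributes, URLs or script blocks; those contexts need their own encoding.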
