> I wanna take a stab at implementing better XSS prevention for Rails.
> This time for real =)
>
> I'm wondering what would be the better way, clean everything up with
> tidy first and then do the rest with regexp or regexp all the way?
> Anybody done this before?
Have a look at TextHelper#sanitize and go from there. http://ha.ckers.org/xss.html has a good list of things to guard for. It would be cool to turn that site into a test case and work until we pass 'em all.

--
David Heinemeier Hansson
http://www.loudthinking.com -- Broadcasting Brain
http://www.basecamphq.com -- Online project management
http://www.backpackit.com -- Personal information manager
http://www.rubyonrails.com -- Web-application framework

_______________________________________________
Rails-core mailing list
Rails-core@lists.rubyonrails.org
http://lists.rubyonrails.org/mailman/listinfo/rails-core
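The "turn the cheat sheet into a test case" idea above, worked through as an added example that is not part of this thread and is not Rails' own TextHelper#sanitize. It shows the whitelist approach (allow a fixed set of tags and attributes, escape everything else rather than stripping it, and check the scheme of every URL attribute after decoding entities and dropping the control bytes browsers ignore) and then runs it over a handful of constructed vectors in the style of the cheat sheet, not copied from it. The tag and attribute lists, the URL check, and the helper names are all assumptions made for the example; a real sanitizer needs a proper HTML parser, since a regex tokenizer will disagree with browsers on malformed markup.

```ruby
require 'cgi'

# Whitelist approach (example policy, not Rails'): tag => allowed attributes.
# Anything not listed is escaped, not stripped, so the rejected markup stays
# visible as text instead of silently disappearing.
ALLOWED_TAGS = {
  'a' => %w[href title], 'img' => %w[src alt],
  'b' => [], 'i' => [], 'em' => [], 'strong' => [], 'code' => [], 'pre' => [],
  'p' => [], 'br' => [], 'blockquote' => []
}.freeze
URL_ATTRS = %w[href src].freeze

TAG_RE   = %r{<(/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>}          # closing?, name, rest
TOKEN_RE = %r{(</?[a-zA-Z][a-zA-Z0-9]*[^>]*>)}              # same shape, one group for split
ATTR_RE  = /([a-zA-Z][\w:-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>'"]+)))?/

# Only http(s), mailto and relative URLs may reach an href/src. Entities are
# decoded first so jav&#x09;ascript: cannot hide the scheme, then the
# whitespace/control bytes that browsers skip inside a scheme are removed.
def safe_url?(raw)
  v = CGI.unescapeHTML(raw).gsub(/[\x00-\x20]/, '')
  return true unless v.include?(':')            # no scheme at all: relative URL
  v.match?(/\A(?:https?|mailto):/i)
end

# Rebuild one tag from scratch, keeping only whitelisted attributes. Every
# attribute value is re-escaped on output, so an entity this decoder does not
# know (e.g. &colon;) is emitted as literal text, never as a live colon.
def rebuild_tag(original, closing, name, rest)
  name = name.downcase
  return CGI.escapeHTML(original) unless ALLOWED_TAGS.key?(name)
  return "</#{name}>" unless closing.empty?
  attrs = rest.scan(ATTR_RE).map do |aname, dq, sq, bare|
    aname = aname.downcase
    next unless ALLOWED_TAGS[name].include?(aname)
    value = dq || sq || bare || ''
    next if URL_ATTRS.include?(aname) && !safe_url?(value)
    %( #{aname}="#{CGI.escapeHTML(CGI.unescapeHTML(value))}")
  end
  "<#{name}#{attrs.compact.join}>"
end

def sanitize(html)
  html.split(TOKEN_RE).map do |piece|
    m = piece.match(/\A#{TAG_RE}\z/)
    m ? rebuild_tag(piece, *m.captures) : CGI.escapeHTML(piece)   # text is always escaped
  end.join
end

# Constructed test vectors in the spirit of the cheat sheet (not copied from it).
VECTORS = [
  '<script>alert(1)</script>',
  '<IMG SRC="javascript:alert(1)">',
  '<img src=x onerror=alert(1)>',
  '<a href="jav&#x09;ascript:alert(1)">click</a>',
  '<a href="javascript&colon;alert(1)">click</a>',
  '<<script>alert(1)//<</script>',
  '<b onmouseover="alert(1)">bold</b>',
  '<iframe src="http://evil.example/"></iframe>'
].freeze

# Run every vector through the sanitizer; returns { input => output }.
def check(vectors)
  vectors.map { |v| [v, sanitize(v)] }.to_h
end

if __FILE__ == $0
  check(VECTORS).each { |input, output| puts "#{input}\n  => #{output}\n\n" }
end
```

The useful habit here is the assertion style: each vector gets an exact expected output, so a regression that starts letting an `onerror` or a `javascript:` scheme through fails loudly instead of being hidden by a "does not contain `<script`" check that the escaped text would pass anyway.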