It's really confusing to decide whether sanitize will help avoid XSS in case when :attributes => %w( style )
on stackoverflow, people say that it is not safe, yet the examples they give such as style="background-image: url(javascript:[code]);" is being filtered out using sanitize and all that is left is style="" is there a way to get a definite answer if sanitize with style allow will protect against XSS or not? -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msg/rubyonrails-talk/-/FtHL3thXWpEJ. For more options, visit https://groups.google.com/groups/opt_out.

