On Monday, June 4, 2018 at 5:56:59 AM UTC-4, Paul McMahon wrote:
>
> Somehow, users sometimes enter "\b" (the backspace character) into our web 
> forms. For the sake of example, say they enter "Foo\bbar" into a form.
>
> This then gets saved to the database as is "Foo\bbar". When I later 
> include this in my html, it gets added as is (so my html 
> contains "Foo\bbar"). However, the browser renders it as "Foobar". This 
> seems to match the user's intention (they want to display "Foobar"), and so 
> they leave it as is. The only way a user might notice this is if they try 
> and copy and paste the displayed text, they'll get "Fobar" (the backspace 
> character is applied).
>
> I bring this up as an issue as PayPal crashes if you try to create a 
> charge with "\b" in their memo field.
>
> I'm wondering how our application should handle this. My first instinct 
> was to just strip them from the model attribute that's being used to create a 
> charge with PayPal, resolving my immediate issue. However, that got me 
> wondering, should I just strip this character from all my models, and in 
> that case, would this make sense as a Rails feature?
>

sanitize helper in views so it'll be stripped out before being rendered and 
they're not gonna be allowed to use it as input, I guess you could use it 
on your params in any controller too, no?

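One way to apply the stripping discussed in this thread to every string in a params-like hash rather than to a single attribute, as an added example that is not part of either message. It is plain Ruby rather than a Rails helper; the constant and function names are hypothetical, and keeping tab, LF and CR is an assumption about what free-text fields should allow.

```ruby
# Added example, not code from the thread. All names here are hypothetical.

# Unicode category Cc (C0 and C1 control characters, including "\b" = 0x08),
# minus tab, line feed and carriage return, which are assumed to be legitimate.
CONTROL_CHARS = /[\p{Cc}&&[^\t\n\r]]/

# Remove control characters from a single value; non-strings pass through.
def strip_control_chars(value)
  return value unless value.is_a?(String)
  # scrub drops invalid byte sequences first so the regex match cannot raise.
  value.scrub("").gsub(CONTROL_CHARS, "")
end

# Walk a params-like structure (nested hashes and arrays) and clean every string.
def deep_strip_control_chars(obj)
  case obj
  when Hash  then obj.transform_values { |v| deep_strip_control_chars(v) }
  when Array then obj.map { |v| deep_strip_control_chars(v) }
  else strip_control_chars(obj)
  end
end

# Report which fields carried control characters, so they can be logged
# before being stripped (useful for finding out how they get in).
def fields_with_control_chars(obj, path = [])
  case obj
  when Hash
    obj.flat_map { |k, v| fields_with_control_chars(v, path + [k]) }
  when Array
    obj.each_with_index.flat_map { |v, i| fields_with_control_chars(v, path + [i]) }
  when String
    obj.scrub("").match?(CONTROL_CHARS) ? [path.join(".")] : []
  else
    []
  end
end

# Constructed sample input. In a double-quoted Ruby string "\b" is the
# backspace character; in a single-quoted one it is a backslash and a "b".
SAMPLE_PARAMS = {
  "charge" => { "memo" => "Foo\bbar", "note" => 'Foo\bbar', "tags" => ["x\u0000y", 3] }
}.freeze

if __FILE__ == $PROGRAM_NAME
  p fields_with_control_chars(SAMPLE_PARAMS)
  p deep_strip_control_chars(SAMPLE_PARAMS)
end
```

The literal two-character sequence backslash plus "b" is left untouched; only the actual control character is removed.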