Alright. And that is how the XSS attack is prevented.

Suman

On Apr 24, 1:00 pm, Marnen Laibow-Koser <[email protected]> wrote:
> On Apr 24, 10:05 am, Suman Gurung <[email protected]> wrote:
> [...]
>
> > I know that <%=h tries to make the whatever we are writing to the web
> > page as html safe by stripping out all the html tags. Does this
> > include all the <script> tags also??
>
> Well, <script> is an HTML tag, isn't it?
>
> Anyway, it's not quite true that h removes HTML tags. Rather, what it
> does is escape characters that have a special meaning in HTML, so that
> "<tag>" will become "&lt;tag&gt;".
>
> > thanks in advance.
> > suman
>
> Best,
> --
> Marnen Laibow-Koser
> http://www.marnen.org
> [email protected]
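
The distinction drawn in the quoted reply (h escapes, it does not strip), as an added example that is not part of the thread. It uses plain stdlib ERB, where `<%=` output is not escaped unless h is called; the sample comment, the template, the View class and strip_tags_naive are all constructed for illustration.

```ruby
require "erb"

# Constructed sample input (not from the thread): user text containing markup.
COMMENT = %q{<script>alert("hi")</script> <b>bold</b> & more}

# Hypothetical template: the same value written raw, through h, and into an attribute.
TEMPLATE = <<~'TEMPLATE'
  <p class="raw"><%= comment %></p>
  <p class="escaped"><%= h(comment) %></p>
  <input value="<%= h(comment) %>">
TEMPLATE

# Minimal stand-in for a view object: ERB::Util provides h (alias of html_escape).
class View
  include ERB::Util
  attr_reader :comment

  def initialize(comment)
    @comment = comment
  end

  # Evaluate the template with this object's methods (comment, h) in scope.
  def render(source)
    ERB.new(source).result(binding)
  end
end

# Naive tag stripping, for contrast only (an assumed regex stripper, not what h does):
# it discards the markup, keeps the script body as text and leaves "&" unescaped.
def strip_tags_naive(text)
  text.gsub(/<[^>]*>/, "")
end

# Collect the three results so they can be compared side by side.
def demo
  { rendered: View.new(COMMENT).render(TEMPLATE),
    escaped:  ERB::Util.html_escape(COMMENT),
    stripped: strip_tags_naive(COMMENT) }
end

if __FILE__ == $PROGRAM_NAME
  demo.each { |name, value| puts "#{name}:\n#{value}\n\n" }
end
```

In the rendered output the raw paragraph still contains a live `<script>` element, while the escaped paragraph and the attribute value carry only `&lt;`, `&gt;`, `&quot;` and `&amp;`, which the browser displays as text.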

