Hi there, is it correct that one should always use both...
1. sanitize(params[:whatever_external_or_user_input_to_save_to_database]), AND 2. h(@whatever_database_record_to_display_on_page) ...in order to have the highest security level? (Besides all the other security stuff to do, of course) Thanks a lot! Tom -- Posted via http://www.ruby-forum.com/. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
