Hi,

http://code.google.com/p/xssterminate/

I have found this Rails plugin, which automatically removes XSS from models upon saving. This is great. My concern is which is the best choice: 1) use a plugin like this, or 2) allow the content to be entered into the DB as it is and later escape it in the view using the h method or sanitize. The reason I am asking is that the latest Railscast, 204, says Rails 3 automatically sanitizes HTML. But why can't we use this type of plugin so that such malicious user input never enters the database at all?

Please share your thoughts.

Thanks,
Tom

--
Posted via http://www.ruby-forum.com/.
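The two options in the question, compared side by side as an added example (not part of the original post, and not the xss_terminate plugin's code). The inputs are constructed, `strip_on_save` is a hypothetical simplified stand-in for save-time tag stripping, and `link_with_title` and `attribute_names` are illustrative helpers.

```ruby
require "erb"

# Constructed sample inputs (not from the original post).
COMMENT = 'Tom & Jerry <script>alert(1)</script> say 1 < 2'
TITLE   = 'x" data-injected="1' # contains no tags at all

# Option 1 stand-in: strip tag-like text before saving. Hypothetical
# simplification for illustration, NOT the xss_terminate plugin's code.
def strip_on_save(input)
  input.gsub(/<[^>]*>/, "")
end

# Option 2: store the input unchanged and escape it when rendering.
# In ERB views, `h` is an alias of ERB::Util.html_escape.
def h(value)
  ERB::Util.html_escape(value)
end

# Render a stored value into an HTML attribute, with or without escaping.
def link_with_title(stored, escape:)
  title = escape ? h(stored) : stored
  %(<a title="#{title}">profile</a>)
end

# Names of the double-quoted attributes present in the rendered tag.
def attribute_names(html)
  html.scan(/\s([\w-]+)="[^"]*"/).flatten
end

if __FILE__ == $PROGRAM_NAME
  # Body context: stripping alters the text but leaves & and < unescaped.
  puts strip_on_save(COMMENT)
  # Body context: escaping keeps every character and renders it inert.
  puts h(COMMENT)
  # Attribute context: the tag-free value passes the save-time filter
  # untouched and adds a second attribute when rendered without escaping.
  p attribute_names(link_with_title(strip_on_save(TITLE), escape: false))
  # The same value escaped at render time stays inside title="...".
  p attribute_names(link_with_title(TITLE, escape: true))
end
```

Save-time stripping changes what the user wrote and still leaves values that need escaping for the context they are rendered in, so it does not replace escaping in the view.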

