Mailinglist Archive: yast-devel (59 mails)

Re: [yast-devel] WebYaST status 15-Mar-2010
  • From: Cornelius Schumacher <cschum@xxxxxxx>
  • Date: Mon, 15 Mar 2010 19:42:19 +0100
  • Message-id: <201003151942.19824.cschum@xxxxxxx>
On Monday 15 March 2010 19:29:39 Ladislav Slezak wrote:

> (Solution: use h() helper in views for escaping all user entered values
> or values read from a potentially unsafe source (which is almost
> everything), see http://api.rubyonrails.org/classes/ERB/Util.html#M000315)

You could also use the RailsXss plugin, which escapes all unsafe strings by
default. This will also be the default behavior in Rails 3. As it errs on the
side of safeness I think it's the favorable approach compared to manually
escaping.

--
Cornelius Schumacher <cschum@xxxxxxx>
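
An added example, not part of the original message and not the RailsXss plugin's code, contrasting the two approaches discussed above: a view that relies on manual h() calls and misses one, and a simplified model of escape-by-default output. SafeString, AutoEscape, EscapingERB, View and render are hypothetical names, and the sample input is constructed.

```ruby
require "erb"

# Constructed sample: a value a user could have typed into a form field.
USER_INPUT = %q{<script>alert("x")</script>}

# Manual escaping: the author wrapped the first value in h() and forgot the second.
MANUAL_VIEW = <<~'VIEW'
  <p>Name: <%= h(name) %></p>
  <p>Comment: <%= comment %></p>
VIEW

# Escape-by-default: no h() calls anywhere in the template.
AUTO_VIEW = <<~'VIEW'
  <p>Name: <%= name %></p>
  <p>Comment: <%= comment %></p>
VIEW

# Marker for strings the developer explicitly declares safe (hypothetical name).
class SafeString < String
  def to_s; self; end # plain String#to_s would return a String and drop the marker
end

# Hypothetical helper: escape everything that is not marked safe.
module AutoEscape
  def self.call(value)
    value.is_a?(SafeString) ? value : ERB::Util.html_escape(value)
  end
end

# ERB subclass that routes every <%= %> result through AutoEscape.
class EscapingERB < ERB
  def set_eoutvar(compiler, eoutvar = "_erbout")
    super
    compiler.insert_cmd = "#{eoutvar}.<< AutoEscape.call"
  end
end

# Minimal view context exposing the template's values and the h() helper.
View = Struct.new(:name, :comment) do
  def h(value); ERB::Util.html_escape(value); end
  def context; binding; end
end

def render(erb_class, template, name, comment)
  erb_class.new(template).result(View.new(name, comment).context)
end

puts render(ERB, MANUAL_VIEW, USER_INPUT, USER_INPUT)
puts render(EscapingERB, AUTO_VIEW, USER_INPUT, SafeString.new("<b>reviewed</b>"))
```

In the first rendering the forgotten h() lets the markup through unescaped; in the second, only the value explicitly wrapped in SafeString is emitted as HTML.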