#204 XSS Protection in Rails 3
It is easy to be vulnerable to cross-site scripting attacks in earlier versions of Rails, but Rails 3 solves this by automatically escaping output that has not been explicitly marked as safe.
- source code: Project Files in Zip (156 KB)
- mp4: Full Size H.264 Video (11.8 MB)
- m4v: Smaller H.264 Video (8.63 MB)
- webm: Full Size VP8 Video (21 MB)
- ogv: Full Size Theora Video (15.1 MB)
Update: as Santiago pointed out in the comments, it looks like XSS protection has been back-ported to Rails 2.3 and will be available in Rails 2.3.6.
```erb
<%= strong link_to(comment.name, comment.url) %>
<p><%= comment.content %></p>
```
```ruby
# rails c
safe = "safe".html_safe
```
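To make the escaping behaviour concrete, here is an added example (not code from the episode or from Rails itself): a deliberately small model of what Rails 3's `ActiveSupport::SafeBuffer` does, together with a `strong` helper written correctly and two hypothetical broken variants. The `strong` and `link_to` helper names are assumed from the view snippet above; `strong_escaped_tag`, `strong_reopens_xss`, `Comment` and `render_comment` are names invented for this example. Rails' real `SafeBuffer` covers many more `String` methods, but the rule it enforces is the one modelled here: anything appended to the output buffer is escaped unless it has been marked `html_safe`.

```ruby
require "cgi"

# Added example: a minimal model of Rails 3's ActiveSupport::SafeBuffer.
# Not Rails' own code. Strings appended to the buffer are escaped unless
# they have been explicitly marked html_safe.
class SafeBuffer < String
  def html_safe?
    true
  end

  # Appending a plain String escapes it; appending something already
  # marked html_safe leaves it alone (no double escaping).
  def concat(value)
    super(value.html_safe? ? value : CGI.escapeHTML(value.to_s))
  end
  alias << concat

  # For template text the developer wrote (e.g. "<p>" in a view),
  # which is trusted and must not be escaped.
  def safe_concat(value)
    concat(value.to_s.html_safe)
  end
end

class Object
  # Anything that is not a SafeBuffer is treated as untrusted.
  def html_safe?
    false
  end
end

class String
  # "x".html_safe is the Rails 3 opt-out from escaping.
  def html_safe
    SafeBuffer.new(self)
  end
end

# --- view helpers (names assumed from the episode's view snippet) ---

# Returns a SafeBuffer, so the view does not escape the <a> tag itself,
# while the URL and the link text are escaped on the way in.
def link_to(text, url)
  buf = SafeBuffer.new('<a href="')
  buf << url
  buf.safe_concat('">')
  buf << text
  buf.safe_concat("</a>")
end

# Correct custom helper: markup is trusted, content is escaped unless it
# is already html_safe, so strong(link_to(...)) is not double escaped.
def strong(content)
  buf = SafeBuffer.new("<strong>")
  buf << content
  buf.safe_concat("</strong>")
end

# Hypothetical broken variant 1: a plain String comes back, so Rails 3
# escapes the whole tag and the browser shows a literal "<strong>".
def strong_escaped_tag(content)
  "<strong>#{content}</strong>"
end

# Hypothetical broken variant 2: calling html_safe on interpolated user
# content disables escaping for it, reintroducing the XSS.
def strong_reopens_xss(content)
  "<strong>#{content}</strong>".html_safe
end

Comment = Struct.new(:name, :url, :content)

# Rendering of the view snippet above: the template's own markup goes
# through safe_concat, the comment fields go through <<.
def render_comment(comment)
  out = SafeBuffer.new
  out << strong(link_to(comment.name, comment.url))
  out.safe_concat("<p>")
  out << comment.content
  out.safe_concat("</p>")
  out.to_s
end

if __FILE__ == $0
  # Constructed sample input: a comment that tries to inject script.
  evil = Comment.new("Mallory", "http://example.com/?a=1&b=2",
                     "<script>alert('xss')</script>")
  puts render_comment(evil)
end
```

The point of the two broken variants is that there are two ways to get a custom helper wrong in Rails 3: return a plain `String` and your markup is escaped into visible text, or mark an interpolated string `html_safe` and you have opted the user's content out of escaping. Building the tag in a `SafeBuffer` (or, in Rails itself, using `content_tag`) avoids both.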