XSS - HTML Filtering



Use the Rails `sanitize()` helper

 Html Filtering
Learn Ruby on Rails - Ruby on Rails tutorial - Html Filtering - Ruby on Rails examples - Ruby On Rails programs

Available in Rails 2.0 and later (2.0 is where the helper switched from a blacklist to an allowlist, which is what makes it effective):

  • Keeps only allowlisted HTML elements and attributes (the `:tags` and `:attributes` options) and strips everything else, so event handlers such as `onerror` never survive
  • Drops attribute values that use a dangerous URL scheme such as `javascript:` (or `vbscript:`, `data:`)
  • Decodes unicode/ASCII/hex entity and whitespace obfuscation before that check, so `&#106;avascript:` and `java&#9;script:` are caught as well

sanitize(html, options = {})
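A worked model of what the helper does, added here as an illustration: it is plain Ruby written for this page, not Rails' own implementation (which in current versions lives in the `rails-html-sanitizer` gem and parses markup with a real HTML parser). It accepts the same `tags:` and `attributes:` options as the Rails helper and applies the three rules above: allowlist filtering of elements and attributes, rejection of unsafe URL schemes, and entity/whitespace decoding before the scheme check. The default tag, attribute and safe-scheme lists are assumptions chosen for the example, and the regex-based tag parsing is a deliberate simplification.

```ruby
# Illustrative allowlist HTML sanitizer in plain Ruby (added example, not the
# Rails implementation). The allowlists below are assumptions for the example.
require 'cgi'

DEFAULT_TAGS  = %w[a b i em strong p br ul ol li].freeze
DEFAULT_ATTRS = %w[href title].freeze
SAFE_SCHEMES  = %w[http https mailto].freeze
URL_ATTRS     = %w[href src].freeze   # attributes whose value is a URL

# Simplified tag/attribute grammar (a real sanitizer uses an HTML parser).
TAG_RE  = %r{<\s*(/?)\s*([a-z][a-z0-9]*)([^>]*)>}im
ATTR_RE = /([a-z_:][-a-z0-9_:.]*)\s*(?:=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/im

# Turn a numeric entity into a character, dropping values no browser accepts.
def codepoint_to_s(cp)
  cp > 0x10FFFF || cp.between?(0xD800, 0xDFFF) ? '' : [cp].pack('U')
end

# Undo the encodings used to hide a scheme: hex/decimal entities (including
# the unterminated forms browsers still accept), named entities, and the
# control characters / whitespace a browser ignores inside "java\tscript:".
def decode_obfuscation(value)
  s = value.gsub(/&#x([0-9a-f]+);?/i) { codepoint_to_s($1.hex) }
           .gsub(/&#(\d+);?/)        { codepoint_to_s($1.to_i) }
  s = CGI.unescapeHTML(s)
  s.gsub(/[\u0000-\u0020]/, '')
end

# A URL is safe when it is relative or its scheme is on the allowlist.
def safe_url?(value)
  scheme = decode_obfuscation(value)[/\A([a-z][a-z0-9+.-]*):/i, 1]
  scheme.nil? || SAFE_SCHEMES.include?(scheme.downcase)
end

# Rebuild the attribute list of one tag, keeping only allowlisted names and
# only safe URLs; values are re-escaped so entities come out normalised.
def sanitize_attrs(attr_string, allowed_attrs)
  attr_string.scan(ATTR_RE).map do |name, dq, sq, bare|
    name = name.downcase
    next unless allowed_attrs.include?(name)
    value = dq || sq || bare || ''
    next if URL_ATTRS.include?(name) && !safe_url?(value)
    %( #{name}="#{CGI.escapeHTML(CGI.unescapeHTML(value))}")
  end.compact.join
end

# Same call shape as the Rails helper: sanitize(html, tags:, attributes:).
def sanitize(html, tags: DEFAULT_TAGS, attributes: DEFAULT_ATTRS)
  # Comments and the whole body of script/style elements are never user
  # content worth keeping, so they are removed outright (conservative choice).
  out = html.gsub(/<!--.*?-->/m, '')
            .gsub(%r{<\s*(script|style)\b.*?<\s*/\s*\1\s*>}im, '')
  out.gsub(TAG_RE) do
    closing, name, attrs = $1, $2.downcase, $3
    next '' unless tags.include?(name)          # strip tag, keep its text
    closing.empty? ? "<#{name}#{sanitize_attrs(attrs, attributes)}>" : "</#{name}>"
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: an allowed link, an obfuscated javascript: URL,
  # an inline event handler and a script block.
  untrusted = '<p onclick="evil()">See <a href="https://example.com/?q=1&amp;r=2">this</a> ' \
              'or <a href="&#106;avascript:alert(1)">that</a><script>alert(1)</script></p>'
  puts sanitize(untrusted)
end
```

In a view the real helper is called the same way, for example `<%= sanitize @comment.body, tags: %w(p b i a), attributes: %w(href) %>`. The difference that matters is that Rails parses the markup with a browser-compatible HTML parser rather than regular expressions, so prefer the helper over anything hand-rolled like the model above.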

  • Run the output through HTML Tidy as well if you want to be more cautious: it normalises malformed markup, which reduces the chance that the browser parses a fragment differently from the sanitizer