I have a script that uses the NET::HTTP class to scrape information off of a website. I take that html and insert it into a database. How do I escape all tags before inserting into database? Anything similar to PHP's mysql_escape_string? Or do I just invoke the h() or sanitize() functions in the view before displaying the data?

--
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
On 5/31/07, hyped <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
> I have a script that uses the NET::HTTP class to scrape information off
> of a website. I take that html and insert it into a database. How do I
> escape all tags before inserting into database? Anything similar to
> PHP's mysql_escape_string? Or do I just invoke the h() or sanitize()
> functions in the view before displaying the data?

I have a white_list helper for this:
http://svn.techno-weenie.net/projects/plugins/white_list/

h() will escape *everything* and sanitize() misses a lot of edge cases.

--
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
Hi Rick,
I recently came across a little bug in your plugin. I was eventually
going to file a bug report, but since it was mentioned on the list, I
thought I'd report it here...
The following test fails on the latest svn rev...
  # The script element and its body should go; the markup after it should stay.
  def test_closing_tag_regex_should_be_less_greedy
    assert_white_listed %(BEFORE<script>alert(1)</script> AFTER<b>BOLD!</b>),
                        %(BEFORE AFTER<b>BOLD!</b>)
  end
-christos
On 1 Jun 2007, at 03:05, Rick Olson wrote:
>
> On 5/31/07, hyped <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>>
>> I have a script that uses the NET::HTTP class to scrape information off
>> of a website. I take that html and insert it into a database. How do I
>> escape all tags before inserting into database? Anything similar to
>> PHP's mysql_escape_string? Or do I just invoke the h() or sanitize()
>> functions in the view before displaying the data?
>
> I have a white_list helper for this:
> http://svn.techno-weenie.net/projects/plugins/white_list/
>
> h() will escape *everything* and sanitize() misses a lot of edge cases.
>
> --
> Rick Olson
> http://lighthouseapp.com
> http://weblog.techno-weenie.net
> http://mephistoblog.com
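Added example (editor's illustration, not the white_list plugin's code and not anything posted in this thread). It shows the two points made above in runnable form: Rick's, that h() turns every tag into text while an allowlist keeps the harmless ones, and Christos's, that a greedy closing-tag pattern swallows everything up to the last closing tag on the page, which is exactly what his failing test exercises. Note also that mysql_escape_string addresses SQL quoting, a different concern from the tag question: the HTML problem is decided at output, whatever is stored. The constants, patterns and function names are assumptions made for this example; the sample strings are constructed.

```ruby
require 'cgi'

# Added illustration, not the white_list plugin's code. Names, patterns and
# sample strings below are assumptions made for this example.

ALLOWED_TAGS = %w[b i em strong p].freeze      # kept, attributes dropped
CONTENT_ELEMENTS = %w[script style].freeze     # dropped together with their body

# Buggy: `.*` is greedy and the close may be any element, so the match runs
# from the first <script> to the LAST closing tag anywhere in the text.
GREEDY_CONTENT_RE = /<(#{CONTENT_ELEMENTS.join('|')})\b[^>]*>.*<\/\w+\s*>/mi

# Fixed: `.*?` stops at the first close, and \1 requires that close to be
# the same element that was opened.
LAZY_CONTENT_RE = /<(#{CONTENT_ELEMENTS.join('|')})\b[^>]*>.*?<\/\1\s*>/mi

# Any tag left after content stripping: optional slash, then the tag name.
TAG_RE = %r{<(/?)([a-z][a-z0-9]*)\b[^>]*>}i

# Allowlisted tags are re-emitted bare (no attributes, so no onclick=),
# everything else is entity-escaped so the browser renders it as text.
def filter_tags(html)
  html.gsub(TAG_RE) do |tag|
    slash, name = $1, $2.downcase
    ALLOWED_TAGS.include?(name) ? "<#{slash}#{name}>" : CGI.escapeHTML(tag)
  end
end

# The greedy variant reproduces the bug reported in the thread.
def white_list_greedy(html)
  filter_tags(html.gsub(GREEDY_CONTENT_RE, ''))
end

# The non-greedy, name-anchored variant passes the same input.
def white_list_lazy(html)
  filter_tags(html.gsub(LAZY_CONTENT_RE, ''))
end

# What h() does: every tag, harmless or not, becomes text.
def escape_everything(html)
  CGI.escapeHTML(html)
end

# Constructed input, the same shape as the failing test in this thread.
SAMPLE = 'BEFORE<script>alert(1)</script> AFTER<b>BOLD!</b>'

if __FILE__ == $0
  puts "h():    #{escape_everything(SAMPLE)}"
  puts "greedy: #{white_list_greedy(SAMPLE)}"   # loses AFTER<b>BOLD!</b>
  puts "lazy:   #{white_list_lazy(SAMPLE)}"
end
```

The regex pass is only there to make the greedy/non-greedy difference visible. Nested or unterminated elements (`<script>a<script>b</script>c</script>` leaves `c</script>`, which the tag filter then escapes) show why a real sanitizer works on a token stream rather than on regexes over the raw string, and why escaping at output in the view stays the fallback whatever went into the database.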