Hi All,

Is there some kind of library etc that I can pass user input through to prevent cross site scripting in Ruby?

For example if I accept user input and then try to textilize it I am vulnerable to cross site scripting - any way around this?

Cheers,

D.

--
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk
-~----------~----~----~----~------~----~------~--~---
lmongill-de0UBZ+tuaaakBO8gow8eQ@public.gmane.org
2006-Sep-07 17:24 UTC
Re: XSS - Cross Site Scripting
While I'm not sure if there is a ruby lib for this sort of thing, you might want to look into modsecurity and secure yourself from the server level: http://www.modsecurity.org/

-lincoln

D L wrote:
> Hi All,
>
> Is there some kind of library etc that I can pass user input through to
> prevent cross site scripting in Ruby?
>
> for example if I accept user input and then try to textilize it I am
> vulnerable to cross site scripting - any way around this?
>
> Cheers,
>
> D.
>
> --
> Posted via http://www.ruby-forum.com/.
On 9/7/06, D L <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>
> Hi All,
>
> Is there some kind of library etc that I can pass user input through to
> prevent cross site scripting in Ruby?
>
> for example if I accept user input and then try to textilize it I am
> vulnerable to cross site scripting - any way around this?
>
> Cheers,
>
> D.
>
> --

http://weblog.techno-weenie.net/2006/9/3/white-listing-plugin-for-rails

--
Rick Olson
http://weblog.techno-weenie.net
http://mephistoblog.com
Rick Olson wrote:
> On 9/7/06, D L <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>>
>> D.
>>
>> --
>
> http://weblog.techno-weenie.net/2006/9/3/white-listing-plugin-for-rails
>
> --
> Rick Olson
> http://weblog.techno-weenie.net
> http://mephistoblog.com

Great - Thanks for all the responses - I will take a look.

--
Posted via http://www.ruby-forum.com/.
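
The white-listing idea linked in the thread, sketched as an added example (it is not from any poster and is not the linked plugin's code): escape the rendered markup completely, then restore only attribute-free tags from an allowlist and links whose href is http(s). The names `allowlist_html`, `ALLOWED_TAGS`, `TAG_RE`, `LINK_RE` and the sample input are assumptions made for illustration; only the Ruby standard library is used.

```ruby
require 'erb'

# Hypothetical allowlist: attribute-free tags that Textile-style output commonly uses.
ALLOWED_TAGS = %w[p br strong em b i ul ol li blockquote code pre].freeze

# Matches an already-escaped allowlisted tag with no attributes, e.g. "&lt;/strong&gt;".
TAG_RE = /&lt;(\/?)(#{ALLOWED_TAGS.join('|')})\s*(\/?)&gt;/i

# Matches an escaped <a> whose only attribute is an http(s) href. The URL may
# contain "&amp;" but no other entity, so an escaped quote cannot end up inside it.
LINK_RE = /&lt;a href=&quot;(https?:\/\/(?:[^&\s]|&amp;)+)&quot;&gt;/i

# Run this on the HTML produced by the markup renderer, just before output.
# Everything is escaped first; a tag becomes live again only if it matches the
# allowlist exactly. <script>, event-handler attributes, style attributes and
# javascript: links never match, so they are displayed as inert text.
def allowlist_html(html)
  escaped = ERB::Util.html_escape(html.to_s)
  escaped = escaped.gsub(TAG_RE) { "<#{$1}#{$2.downcase}#{$3}>" }
  escaped = escaped.gsub(LINK_RE) { %(<a href="#{$1}" rel="nofollow">) }
  escaped.gsub(/&lt;\/a&gt;/i, '</a>')
end

# Constructed sample: renderer output mixed with raw HTML a user typed in.
SAMPLE = '<p><strong>hi</strong> <script>alert(1)</script> ' \
         '<a href="javascript:alert(1)">x</a> ' \
         '<a href="http://example.com/?a=1&b=2">ok</a> ' \
         '<b onmouseover="alert(1)">y</b></p>'

puts allowlist_html(SAMPLE) if $PROGRAM_NAME == __FILE__
```

Closing tags can be left unbalanced by this approach (a stray `</a>` or `</b>`), which can disturb layout but does not execute anything; a parser-based sanitizer is the next step if balanced output matters.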