I have a script that uses the NET::HTTP class to scrape information off of a website. I take that html and insert it into a database. How do I escape all tags before inserting into the database? Anything similar to PHP's mysql_escape_string? Or do I just invoke the h() or sanitize() functions in the view before displaying the data?

-- 
Posted via http://www.ruby-forum.com/.

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---
On 5/31/07, hyped <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>
> I have a script that uses the NET::HTTP class to scrape information off
> of a website. I take that html and insert it into a database. How do I
> escape all tags before inserting into the database? Anything similar to
> PHP's mysql_escape_string? Or do I just invoke the h() or sanitize()
> functions in the view before displaying the data?

I have a white_list helper for this:
http://svn.techno-weenie.net/projects/plugins/white_list/

h() will escape *everything* and sanitize() misses a lot of edge cases.

-- 
Rick Olson
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
Hi Rick,

I recently came across a little bug in your plugin. I was eventually going to file a bug report, but since it was mentioned on the list, I thought I'd report it here...

The following test fails on the latest svn rev...

  def test_closing_tag_regex_should_be_less_greedy
    assert_white_listed %(BEFORE<script>alert(1)</script> AFTER<b>BOLD!</b>),
                        %(BEFORE AFTER<b>BOLD!</b>)
  end

-christos

On 1 Jun 2007, at 03:05, Rick Olson wrote:
>
> On 5/31/07, hyped <rails-mailing-list-ARtvInVfO7ksV2N9l4h3zg@public.gmane.org> wrote:
>>
>> I have a script that uses the NET::HTTP class to scrape
>> information off
>> of a website. I take that html and insert it into a database. How
>> do I
>> escape all tags before inserting into the database? Anything similar to
>> PHP's mysql_escape_string? Or do I just invoke the h() or sanitize()
>> functions in the view before displaying the data?
>
> I have a white_list helper for this:
> http://svn.techno-weenie.net/projects/plugins/white_list/
>
> h() will escape *everything* and sanitize() misses a lot of edge
> cases.
>
> --
> Rick Olson
> http://lighthouseapp.com
> http://weblog.techno-weenie.net
> http://mephistoblog.com
>
>
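The three options discussed in this thread, as an added example that is not code from the white_list plugin or from any of the posters: escaping everything as h() does, a regex strip whose greedy `.*` swallows the neighbouring markup (the class of failure Christos's test case catches), and a small token-based allowlist that passes that test. The allowlist, the ALLOWED_TAGS set and the sample string are assumptions made for this illustration; a parser-based sanitizer is the right tool for real input, this sketch only shows why the closing-tag match must not be greedy.

```ruby
require 'cgi'

# Constructed from the test case in the thread.
SAMPLE = 'BEFORE<script>alert(1)</script> AFTER<b>BOLD!</b>'
ALLOWED_TAGS = %w[b i em strong p].freeze   # assumption: deliberately small allowlist
DROP_CONTENT = %w[script style].freeze      # elements whose text is discarded as well

# h()-style: every tag is neutralised, nothing survives as markup.
def escape_all(html)
  CGI.escapeHTML(html)
end

# Regex strip with a greedy `.*`: it backtracks to the LAST closing tag in the
# string, so " AFTER<b>BOLD!</b>" is removed together with the script element.
def strip_greedy(html)
  html.gsub(%r{<script\b[^>]*>.*</[^>]*>}mi, '')
end

# Token-based allowlist: walk the input one tag or text run at a time.
# Allowed tags are re-emitted bare (attributes dropped), disallowed tags are
# removed, script/style content is skipped until the matching close tag, and
# all remaining text is HTML-escaped.
def allowlist(html, allowed = ALLOWED_TAGS)
  out = +''
  skipping = nil   # name of the element whose content is being discarded
  html.scan(%r{<(/?)([a-zA-Z][a-zA-Z0-9]*)[^>]*>|([^<]+)|(<)}) do |close, name, text, lone_lt|
    if name
      name = name.downcase
      if skipping
        skipping = nil if close == '/' && name == skipping
      elsif DROP_CONTENT.include?(name)
        skipping = name unless close == '/'
      elsif allowed.include?(name)
        out << "<#{close}#{name}>"
      end
    elsif skipping.nil?
      out << CGI.escapeHTML(text || lone_lt)   # a stray '<' becomes &lt;
    end
  end
  out
end

if __FILE__ == $0
  puts escape_all(SAMPLE)    # everything escaped
  puts strip_greedy(SAMPLE)  # "BEFORE": the greedy match ate the rest
  puts allowlist(SAMPLE)     # "BEFORE AFTER<b>BOLD!</b>": the expected result
end
```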