Why remove the strip_tags() function in Rails 2.0.2? In Rails 1.2.6 I used this function. How can I solve this problem?
Thanks!

You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en

Jeremy Weiskotten
2008-Jan-09 20:36 UTC
Re: why remove strip_tags() function in rails 2.0.2
OnRails wrote:
> why remove strip_tags() function in rails 2.0.2. and in rails1.2.6 I
> used this function. and how can I solve this problem?
> Thanks!

http://www.rorsecurity.info/2007/08/17/dont-use-strip_tags-strip_links-and-sanitize/

--
Posted via http://www.ruby-forum.com/.

Frederick Cheung
2008-Jan-10 08:20 UTC
Re: why remove strip_tags() function in rails 2.0.2
On 9 Jan 2008, at 20:36, Jeremy Weiskotten wrote:
>
> OnRails wrote:
>> why remove strip_tags() function in rails 2.0.2. and in rails1.2.6 I
>> used this function. and how can I solve this problem?
>> Thanks!
>
> http://www.rorsecurity.info/2007/08/17/dont-use-strip_tags-strip_links-and-sanitize/

Except of course that in Rails 2 strip_tags, strip_links, sanitize have been reimplemented using a white list approach and so they should be safe again.

Fred

> --
> Posted via http://www.ruby-forum.com/.
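
The difference between a blacklist filter and the white list approach mentioned in the last reply, as an added example that is not part of the thread and is not Rails's implementation. The tag lists, function names and sample input are constructed for illustration; in an application, use the framework's own sanitizer.

```ruby
require "cgi"

BLOCKED_TAGS = %w[script iframe].freeze    # blacklist: tags to remove (assumed list)
ALLOWED_TAGS = %w[b i em strong p].freeze  # white list: tags to keep (assumed list)

# Blacklist: delete the tags known to be bad and pass everything else through.
# Anything the list's author did not think of survives unchanged.
def blacklist_sanitize(html)
  html.gsub(%r{</?(?:#{BLOCKED_TAGS.join("|")})\b[^>]*>}i, "")
end

# White list: split the input into tags and text, re-emit only allowed tags
# (without any attributes), drop every other tag, and escape all text.
def whitelist_sanitize(html)
  out = +""
  html.scan(/<[^>]*>|[^<]+|</) do |tok|
    m = tok.match(%r{\A<(/?)([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>\z})
    if m && ALLOWED_TAGS.include?(m[2].downcase)
      out << "<#{m[1]}#{m[2].downcase}>"   # allowed tag, attributes discarded
    elsif m
      next                                 # well-formed but not allowed: dropped
    else
      out << CGI.escapeHTML(tok)           # text, stray "<", comments: escaped
    end
  end
  out
end

# Constructed sample input: one allowed structure plus markup that is
# not on the blacklist (an event-handler attribute and a javascript: link).
SAMPLE = '<p>Hello <b>world</b></p>' \
         '<img src="x.png" onerror="alert(1)">' \
         '<a href="javascript:alert(1)">link</a>' \
         '<script>alert(1)</script>'

puts "blacklist: #{blacklist_sanitize(SAMPLE)}"
puts "whitelist: #{whitelist_sanitize(SAMPLE)}"
```

The blacklist output still carries the `onerror` attribute and the `javascript:` link because neither was on its list; the white list output keeps only `<p>` and `<b>` plus escaped text.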