Same problem here but solved! Hopefully this is helpful. Solution was
to watch Ryan Bates' Railscast on Rails 3 XSS, and then to ensure any
strings being sent out by my form and custom helpers were HTML safe =>
Just look for where the helpers are rendering tags and strings and add
the ".html_safe" method on the end.
Hope this is helpful.
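An added example, not part of the original post: it models the Rails 3 auto-escaping the post refers to, and shows a helper that escapes its dynamic input before calling `.html_safe` next to one that marks the whole string safe. `SafeString`, `render`, `field_label` and `field_label_unsafe` are hypothetical stand-ins (for `ActiveSupport::SafeBuffer`, ERB output, and a custom form helper) so the code runs without Rails.

```ruby
require "erb"

# Stand-in for ActiveSupport::SafeBuffer: a String flagged as already safe.
class SafeString < String
  def html_safe?
    true
  end
end

# Stand-in for the core extension Rails adds to String.
class String
  def html_safe
    SafeString.new(self)
  end

  def html_safe?
    false
  end
end

# Stand-in for <%= value %> in a Rails 3 view: anything not flagged
# html_safe is escaped on output, which is why helper markup that returns
# a plain String shows up as literal text.
def render(value)
  value.html_safe? ? value.to_s : ERB::Util.html_escape(value)
end

# Marks markup AND caller-supplied text as safe: the text is emitted raw.
def field_label_unsafe(text)
  "<label>#{text}</label>".html_safe
end

# Escapes the dynamic part first, then marks only the finished markup safe.
def field_label(text)
  "<label>#{ERB::Util.html_escape(text)}</label>".html_safe
end

# Constructed sample input standing in for a user-supplied value.
SAMPLE_INPUT = "<script>alert(1)</script>"

puts render("<label>Name</label>")             # plain String: escaped
puts render(field_label_unsafe(SAMPLE_INPUT))  # raw <script> reaches the page
puts render(field_label(SAMPLE_INPUT))         # markup kept, input escaped
```

In a real Rails helper, `content_tag(:label, text)` does the escape-then-mark-safe step for you.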