Displaying 1 result from an estimated 1 matches for "user_inputted_url".
2006 Mar 01
2
safe html links
Hi,
I''m working on a web app that allows users to submit links to external
sites. I''m curious if there are any special security considerations I
should take aside from escaping the user input with h( )? Is it safe to
directly link_to h(user_inputted_url), h(user_inputted_url) or could that be
exploited in a way that I''m not thinking of. Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060301/fadc828d/attachment.html