search for: xss2

Displaying 1 result from an estimated 1 matches for "xss2".

2009 Feb 15
2
text_area_tag not escaping content by default
...text_area_tag and assuming the content is being safely escaped by default. And every one of them is an XSS problem. It's an issue with anything that uses content_tag, of course. Try this, for example: label_tag 'foo', "</lable><script>alert('xss2')</script>" At the very least, are we amenable to adding a note in the FormTagHelper docs about the escaping rules?