2009 Feb 15
text_area_tag not escaping content by default
...text_area_tag and
assuming the content is being safely escaped by default. And every one
of them is an XSS problem.
It's an issue with anything that uses content_tag, of course. Try
this, for example:
label_tag 'foo', "</label><script>alert('xss2')</script>"
At the very least, are we amenable to adding a note in the
FormTagHelper docs about the escaping rules?
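The behaviour the post describes, shown as an added stand-alone example that is not the poster's code and not Rails' own implementation of content_tag, label_tag or text_area_tag. The helpers below are minimal stand-ins written for this illustration: the "unsafe" versions interpolate the caller's content verbatim, as the post says the 2009 helpers did, and the "safe" versions run content and attribute values through ERB::Util.html_escape from the Ruby standard library before building the markup. The payload is modelled on the one in the post; the helper names, the `for` attribute handling and the `contains_script_element?` check are assumptions made for the example.

```ruby
require 'erb'

# Constructed payload modelled on the post: closes the enclosing element
# and injects a script element.
PAYLOAD = %q{</label><script>alert('xss2')</script>}

# Stand-in for a content_tag-style helper (not Rails' code): the content and
# attribute values are inserted verbatim, so caller-supplied text can break
# out of the element.
def unsafe_content_tag(name, content, attrs = {})
  attr_str = attrs.map { |k, v| %( #{k}="#{v}") }.join
  "<#{name}#{attr_str}>#{content}</#{name}>"
end

# Hardened stand-in: content and attribute values are HTML-escaped before
# being placed in the markup, so "<", ">", "&" and quotes become entities.
def safe_content_tag(name, content, attrs = {})
  attr_str = attrs.map { |k, v| %( #{k}="#{ERB::Util.html_escape(v)}") }.join
  "<#{name}#{attr_str}>#{ERB::Util.html_escape(content)}</#{name}>"
end

# label_tag / text_area_tag analogues built on the two content_tag variants.
def unsafe_label_tag(name, text)
  unsafe_content_tag(:label, text, for: name)
end

def safe_label_tag(name, text)
  safe_content_tag(:label, text, for: name)
end

def unsafe_text_area_tag(name, content)
  unsafe_content_tag(:textarea, content, name: name, id: name)
end

def safe_text_area_tag(name, content)
  safe_content_tag(:textarea, content, name: name, id: name)
end

# True when the markup carries a literal <script> start tag, i.e. something a
# browser would parse as an executable script element rather than text.
def contains_script_element?(html)
  html.include?('<script>')
end

if __FILE__ == $0
  puts unsafe_label_tag('foo', PAYLOAD)
  puts safe_label_tag('foo', PAYLOAD)
  puts unsafe_text_area_tag('body', PAYLOAD.sub('label', 'textarea'))
  puts safe_text_area_tag('body', PAYLOAD.sub('label', 'textarea'))
end
```

Running the script prints the unsafe label with a live `<script>` element after a prematurely closed `<label>`, and the safe label with the same text rendered harmlessly as `&lt;/label&gt;&lt;script&gt;...`. The textarea case matters for the same reason: browsers treat textarea content as text only until the first `</textarea>`, so an unescaped `</textarea><script>` breaks out exactly like the label payload.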