similar to: what escape or sanitize functions are out there?


2008 Feb 01
4
How to sanitize _before_ going into the database?
I use a call to the sanitize method every time I render some user input, but it would be much nicer if I could clean it up once before putting it into the database and avoid having to call the (relatively expensive) sanitize every time I render a page. My first thought was to just add something like: def message=(x) self[:message]=sanitize(x) end However, the sanitize helper cannot be called
2009 Apr 21
12
still cannot install rails on windows
If I follow the instructions on: http://agilo.us/2009/03/15/rails-on-windows/ the command gem install sqlite3-ruby will give --------------------------------- Building native extensions. This could take a while... ERROR: Error installing sqlite3-ruby: ERROR: Failed to build gem native extension. c:/ruby/bin/ruby.exe extconf.rb checking for fdatasync() in rt.lib... no checking for
2009 May 26
9
cookies are mandatory for Rails app?
Is it true that Rails depends on cookies? It seems that flash is a part of session, and session uses cookies... so when I disable cookies in Firefox, what was working became ActionController::InvalidAuthenticityToken. So is it true that for a RoR app to work, cookies are mandatory? -- Posted via http://www.ruby-forum.com/.
2016 Jan 02
3
ssh-keygen: sanitize ANSI escape sequences in key comment
Hi, Today I fiddled around a bit with my OpenSSH public key files, and I noticed that ssh-keygen prints most non-printable characters in the comment as-is when showing the fingerprint of a key. This can lead to confusing output on the terminal when the comment contains ANSI escape characters which are interpreted by the terminal. The attached public key file serves as an example, which, when
2006 May 15
1
Simple: How to use TextHelper in a controller
I'm having trouble successfully getting access to the ActionView::Helpers::TextHelper.strip_tags method from one of my controllers. If I try to call it directly using ActionView::Helpers::TextHelper.strip_tags I get undefined method `strip_tags' for ActionView::Helpers::TextHelper:Module What is the preferred way to make ActionView helpers available to a descendant of
2016 Jan 05
8
[Bug 2520] New: ssh-keygen: sanitize ANSI escape sequences in key comment
https://bugzilla.mindrot.org/show_bug.cgi?id=2520 Bug ID: 2520 Summary: ssh-keygen: sanitize ANSI escape sequences in key comment Product: Portable OpenSSH Version: 7.1p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh-keygen
2006 May 11
0
Using action view helpers (strip_tags) in a rake task?
Hi all - I've got a rake task that migrates some old data (simple, loop through the old stuff, modify it a bit, and save it to the new system). That all works great. However, I'd like to use strip_tags() to remove all HTML from some of the fields I'm converting, but I can't figure out how to include/use/require/load/etc the right stuff to make this work.
2006 May 05
4
Is sanitize() strong enough to protect me from XSS?
Haven't been able to find a good enough answer on whether using sanitize() is enough to really protect me from XSS attacks. I basically have a blog page that I want to allow people to display comments on but would like to allow html tags to be posted on the comments, these could be html tags like the imageshack img tags, youtube player, photobucket img tags etc any other approaches or
2009 May 05
9
no sql in the controller guideline
Hello. I just checked Chad Fowler's post "20 Rails Development No-No's" and one guideline caught my attention. It says: "Nothing that looks at all like SQL should go into a controller, view, or helper." It really came as a surprise to me as Rails itself seems to go against such practice by its AR 'conditions' option, which most of the times
2007 Sep 28
2
RoR uses something rather than erb or eRuby?
It seems that RoR doesn't use erb or eRuby to generate its output for rhtml? The program erb and the description of eRuby at http://www.eruby.info both said that <% print "foo bar" %> or <% puts "hello" %> will be placed into the output... but currently for RoR, it won't... only <%= expr %> is doing it and it cannot be print or
2010 Feb 02
0
[Security] Loofah has an HTML injection / XSS vulnerability, please upgrade to 0.4.6
Synopsis ---------- Loofah::HTML::Document#text emits unencoded HTML entities prior to 0.4.6. This was originally by design, since the output of #text is intended to be used in a non-HTML context (such as generation of human-readable text documents). However, Loofah::XssFoliate's default behavior and Loofah::Helpers#strip_tags both use #text to strip tags out of the output, meaning that
2011 Jan 13
5
undefined method `xss_terminate'
I'm trying to run a rails app developed by my firm on my Ubuntu machine. I'm using RVM with what I think are all the appropriate gems installed. The application works fine on co-workers' OSX machines. When running db:migrate I get the following error: $ rake db:migrate --trace ... rake aborted! An error has occurred, all later migrations canceled: undefined method
2006 May 30
7
Stripping HTML tags from a string
Hello, Is there a common way of stripping html tags from a string? Right now I'm just calling gsub!(/<.*?>/, ''), but with a background in PHP and always having used its strip_tags() method, I wonder if the Rails community has standardized this fairly common task with something a bit less simpleminded than my quick fix. Thanks! Zack
2007 Nov 29
27
Strip & Sanitize BEFORE saving data
So I've googled my brains out, and I see a lot of talk about TextHelper for views, but next to no discussion about cleaning text _before_ it is saved. I figured this had to be asked 4 zillion times, but I'm not finding anything concrete/obvious. Using h is fine as a safety catch, but that alone is not acceptable to me as the means of diffusing the impact of HTML or JS
2008 Jun 24
3
Running the beast forum for the first time
Hey guys, so I think I've done my installation of the beast forum correctly. It's done the database migration and all the tables look fine. Now, when I run ruby script/server and point my browser at http://localhost:3000/ I get a "500 Internal Server Error" error. Anybody know what's causing this? I've been trying to work it out for ages now and it's wrecking my head
2012 Aug 10
0
Missing earlier versions work around for "XSS Vulnerability in strip_tags"
The rubyonrails-security announcement for CVE-2012-3465 "XSS Vulnerability in strip_tags" mentions that a work around for earlier versions should be attached, but there's none, only patches for the 3.0 series and up. Is the work around available? If so, where can I get hold of it? Thanks in advance, Peter
2010 Aug 18
1
upgrade from rails 2.3.5 to rails 2.3.8
Hi I upgraded my rails application to rails 2.3.8 from 2.3.5 like below gem install rails -v=2.3.8 Now in environment.rb RAILS_GEM_VERSION changed to '2.3.8'. Now when I tried to run a previous migration like rake db:migrate VERSION=20100714122104 I got a warning like DEPRECATION WARNING: Rake tasks in vendor/plugins/delayed_job/tasks, vendor/plugins/paperclip/tasks,
2008 Jul 11
4
how to debug using rspec stories
Hello. I just started to use rspec stories. I followed the following tutorial: http://www.tomtenthij.co.uk/2008/1/25/rspec-plain-text-story-runner-on-a-fresh-rails-app So I implemented my story and some of the steps are: (...) When "user creates a product" do post "products/new", :name => @name end Then "there should be a product named
2016 Mar 24
2
C5 MySQL injection attack ("Union Select")
On Thu, 2016-03-24 at 14:27 +0300, ????????? ???????? wrote: > This is obviously an application level problem. What is this php file? > You should upgrade wordpress and remove or block access to the plugin or > custom page which allows sql injections. Yes, my mistake. I should have imposed strict controls on the length of parameters passed to programmes via web pages $_GET[] such as:-
2008 Jul 03
6
mysql gem warning on ubuntu
I just deployed my app on ubuntu with passenger. I installed the mysql gem as follows: $ sudo gem install mysql Select which gem to install for your platform (i486-linux) 1. mysql 2.7.3 (mswin32) 2. mysql 2.7.1 (mswin32) 3. mysql 2.7 (ruby) 4. mysql 2.6 (ruby) 5. Skip this gem 6. Cancel installation > 3 Building native extensions. This could take a while... Successfully installed