Displaying 20 results from an estimated 1000 matches similar to: "what escape or sanitize functions are out there?"
2008 Feb 01
4
How to sanitize _before_ going into the database?
I use a call to the sanitize method every time I render some user
input, but it would be much nicer if I could clean it up once before
putting it into the database and avoid having to call the (relatively
expensive) sanitize every time I render a page.
My first thought was to just add something like:
def message=(x)
self[:message]=sanitize(x)
end
However, the sanitize helper cannot be called
2009 Apr 21
12
still cannot install rails on windows
if i follow the instructions on:
http://agilo.us/2009/03/15/rails-on-windows/
the command
gem install sqlite3-ruby
will give
---------------------------------
Building native extensions. This could take a while...
ERROR: Error installing sqlite3-ruby:
ERROR: Failed to build gem native extension.
c:/ruby/bin/ruby.exe extconf.rb
checking for fdatasync() in rt.lib... no
checking for
2009 May 26
9
cookies are mandatory for Rails app?
is it true that Rails depend on cookies? It seems that flash is a part
of session, and session uses cookies... so when i disable cookie in
Firefox, what was working became
ActionController::InvalidAuthenticityToken
so is it true that for a RoR app to work, cookies are mandatory?
--
Posted via http://www.ruby-forum.com/.
2016 Jan 02
3
ssh-keygen: sanitize ANSI escape sequences in key comment
Hi,
Today I fiddled around a bit with my OpenSSH public key files, and I noticed
that ssh-keygen prints most non-printable characters in the comment as-is when
showing the fingerprint of a key. This can lead to confusing output on the
terminal when the comment contains ANSI escape characters which are interpreted
by the terminal. The attached public key file serves as an example, which, when
2006 May 15
1
Simple: How to use TextHelper in a controller
I'm having trouble successfully getting access to the
ActionView::Helpers::TextHelper.strip_tags
method from one of my controllers.
If I try to call it directly using
ActionView::Helpers::TextHelper.strip_tags
I get
undefined method `strip_tags' for ActionView::Helpers::TextHelper:Module
What is the preferred way to make ActionView helpers available to a
descendant of
2016 Jan 05
8
[Bug 2520] New: ssh-keygen: sanitize ANSI escape sequences in key comment
https://bugzilla.mindrot.org/show_bug.cgi?id=2520
Bug ID: 2520
Summary: ssh-keygen: sanitize ANSI escape sequences in key
comment
Product: Portable OpenSSH
Version: 7.1p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh-keygen
2006 May 11
0
Using action view helpers (strip_tags) in a rake task?
Hi all -
I've got a rake task that migrates some old data (simple, loop through the
old stuff, modify it a bit, and save it to the new system). That all
works great.
However, I'd like to use strip_tags() to remove all HTML from some of the
fields I'm converting, but I can't figure out how to
include/use/require/load/etc the right stuff to make this work.
2006 May 05
4
Is sanitize() strong enough to protect me from XSS?
Haven't been able to find a good enough answer on whether using
sanitize() is enough to really protect me from XSS attacks
I basically have a blog page that I want to allow people to display
comments on but would like to allow html tags to be posted on the
comments, these could html tags like the imageshack img tags, youtube
player, photobucket img tags etc
any other approaches or
2009 May 05
9
no sql in the controller guideline
hello. i just checked Chad Fowler's post "20 Rails Development No-No's"
and
one guideline caught my attention. it says:
"Nothing that looks at all like SQL should go into a controller, view,
or helper."
it really came as a surprise to me as Rails itself seems to go against
such practice by its AR 'conditions' option, which most of the times
2007 Sep 28
2
RoR uses something rather than erb or eRuby?
it seems that RoR doesn't use erb or eRuby to generate its output for
rhtml?
the program erb and the description of eRuby at
http://www.eruby.info
both said that
<% print "foo bar" %> or <% puts "hello" %>
will be placed into the output...
but currently for RoR, it won't...
only <%= expr %> is doing it and it cannot be print or
2010 Feb 02
0
[Security] Loofah has an HTML injection / XSS vulnerability, please upgrade to 0.4.6
Synopsis
----------
Loofah::HTML::Document#text emits unencoded HTML entities prior to
0.4.6. This was originally by design, since the output of #text is
intended to be used in a non-HTML context (such as generation of
human-readable text documents).
However, Loofah::XssFoliate's default behavior and
Loofah::Helpers#strip_tags
both use #text to strip tags out of the output, meaning that
2011 Jan 13
5
undefined method `xss_terminate'
I'm trying to run a rails app developed by my firm on my Ubuntu machine.
I'm using RVM with what I think are all the appropriate gems installed.
The application works fine on co-workers OSX machines.
When running db:migrate I get the following error:
$ rake db:migrate --trace
...
rake aborted!
An error has occurred, all later migrations canceled:
undefined method
2006 May 30
7
Stripping HTML tags from a string
Hello,
Is there a common way of stripping html tags from a string? Right now I'm
just calling gsub!(/<.*?>/, ''), but with a background in PHP and always
having used its strip_tags() method, I wonder if the Rails community has
standardized this fairly common task with something a bit less simpleminded
than my quick fix.
Thanks!
Zack
2007 Nov 29
27
Strip & Sanitize BEFORE saving data
So I've googled my brains out, and I see a lot of talk about
TextHelper for views, but next to no discussion about cleaning text
_before_ it is saved.
I figured this had to be asked 4 zillion times, but I'm not finding
anything concrete/obvious.
Using h is fine as a safety catch, but that alone is not acceptable
to me as the means of diffusing the impact of HTML or JS
2008 Jun 24
3
Running the beast forum for the first time
Hey guys,
so I think I've done my installation of the beast forum correctly. It's
done the database migration and all the tables look fine. Now, when I
run
ruby script/server
and point my browser at http://localhost:3000/ I get a "500 Internal
Server Error" error.
Anybody know what's causing this? I've been trying to work it out for
ages now and it's wrecking my head
2012 Aug 10
0
Missing earlier versions work around for "XSS Vulnerability in strip_tags"
The rubyonrails-security announcement for CVE-2012-3465 "XSS
Vulnerability in strip_tags" mentions that a work around for earlier
versions should be attached, but there's none, only patches for 3.0
series and up.
Is the work around available? If so, where can I get hold of it?
Thanks in advance,
Peter
2010 Aug 18
1
upgrade from rails 2.3.5 to rails 2.3.8
Hi
I upgraded my rails application rails 2.3.8 from 2.3.5 like below
gem install rails -v=2.3.8
Now in environment.rb RAILS_GEM_VERSION changed to '2.3.8'. Now
when I tried to a previous migration like
rake db:migrate VERSION=20100714122104
I got warning like
DEPRECATION WARNING: Rake tasks in vendor/plugins/delayed_job/tasks,
vendor/plugins/paperclip/tasks,
2008 Jul 11
4
how to debug using rspec stories
Hello. I just started to use rspec stories. I followed the following
tutorial:
http://www.tomtenthij.co.uk/2008/1/25/rspec-plain-text-story-runner-on-a-fresh-rails-app
So I implemented my story and some of the steps are:
(...)
When "user creates a product" do
post "products/new", :name => @name
end
Then "there should be a product named
2016 Mar 24
2
C5 MySQL injection attack ("Union Select")
On Thu, 2016-03-24 at 14:27 +0300, ????????? ???????? wrote:
> This is obviously an application level problem. What is this php file?
> You should upgrade wordpress and remove or block access to the plugin or
> custom page which allows sql injections.
Yes, my mistake. I should have imposed strict controls on the length of
parameters passed to programmes via web pages $_GET[] such as:-
2008 Jul 03
6
mysql gem warning on ubuntu
i just deployed my app on ubuntu with passenger.
i installed the mysql gem as follows:
$ sudo gem install mysql
Select which gem to install for your platform (i486-linux)
1. mysql 2.7.3 (mswin32)
2. mysql 2.7.1 (mswin32)
3. mysql 2.7 (ruby)
4. mysql 2.6 (ruby)
5. Skip this gem
6. Cancel installation
> 3
Building native extensions. This could take a while...
Successfully installed