
Comparison of Adopting Unobtrusive JavaScript and XSS in Rails 2 & 3

Cross-Site Scripting in Rails 2

<%= @post.body %> -> Unsafe
<%= h @post.body %> -> Safe

Cross-Site Scripting in Rails 3

<%= @post.body %> -> Safe
<%= raw @post.body %> -> Unsafe

Adopting Unobtrusive JavaScript

Example 1:

Rails 2:

<%= link_to_remote 'Show', :url => post %>

Will generate HTML like:

<a href="#" onclick="new Ajax.Request('/posts/1', {asynchronous:true,…
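The four escaping cases from the Cross-Site Scripting lists above, rendered against a constructed payload. This is an added example, not code from the original post or from Rails: the Rails 2 case uses the standard-library ERB engine as-is, while `Rails3View`, `SafeString` and `emit` are hypothetical names for a simplified model of Rails 3's escape-by-default output.

```ruby
require 'erb'

Post = Struct.new(:body)
# Constructed sample input: a post body supplied by an untrusted user.
PAYLOAD = '<script>alert(1)</script>'

# Rails 2 behaviour: plain ERB inserts <%= %> output verbatim; only h() escapes.
class Rails2View
  include ERB::Util # provides h() and html_escape()

  def initialize(post)
    @post = post
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

# Marker for strings declared safe (hypothetical stand-in for html_safe strings).
class SafeString < String; end

# Simplified model of Rails 3: every <%= %> value is escaped on output
# unless it carries the safe marker, which raw() and h() apply.
class Rails3View < Rails2View
  def raw(value)
    SafeString.new(value.to_s)
  end

  def h(value)
    SafeString.new(super) # already escaped, so it must not be escaped twice
  end

  def emit(value)
    value.is_a?(SafeString) ? value : html_escape(value.to_s)
  end

  def render(template)
    # Route each output tag through emit() to model escape-on-output.
    super(template.gsub(/<%=(.*?)%>/m) { "<%= emit((#{$1.strip})) %>" })
  end
end

# Renders the page's four templates and returns the resulting HTML per case.
def escaping_matrix
  post = Post.new(PAYLOAD)
  { rails2_plain: Rails2View.new(post).render('<%= @post.body %>'),
    rails2_h:     Rails2View.new(post).render('<%= h @post.body %>'),
    rails3_plain: Rails3View.new(post).render('<%= @post.body %>'),
    rails3_raw:   Rails3View.new(post).render('<%= raw @post.body %>') }
end
```

When auditing a Rails 3 code base, `raw` (and `html_safe`) calls on user-controlled values are the places to review, since they opt out of the default escaping.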