Ruby on Rails Security Guide

Please refer to the following posts for Ruby on Rails security best practices. CSRF and XSS are the most important ones:

1) CSRF – https://selvaonrails.wordpress.com/2012/04/03/ruby-on-rails-security-csrf-3/
2) XSS – https://selvaonrails.wordpress.com/2012/04/03/ruby-on-rails-security-xss-2/
3) Protection flags on cookies – https://selvaonrails.wordpress.com/2012/04/03/ruby-on-rails-security-protection-flags-on-session-cookies/
4) Filter parameter logging – https://selvaonrails.wordpress.com/2012/04/03/ruby-on-rails-security-filtering-parameter-logging/

Comparison of Adopting Unobtrusive JavaScript and XSS in Rails 2 & 3

Cross-Site Scripting in Rails 2 (output is not escaped by default):

    <%= @post.body %>    -> Unsafe
    <%= h @post.body %>  -> Safe

Cross-Site Scripting in Rails 3 (output is escaped by default):

    <%= @post.body %>      -> Safe
    <%= raw @post.body %>  -> Unsafe

Adopting Unobtrusive JavaScript

Example 1:

Rails 2:

    <%= link_to_remote 'Show', :url => post %>

will generate HTML like:

    <a href="#" onclick="new Ajax.Request('/posts/1', {asynchronous:true,…