Sanitize your output in Ruby on Rails

Posted by Raymond Law Thu, 30 Oct 2008 18:37:00 GMT

We all know about the holy h() method that escapes your output when you write <%=h blah %>. But how many of us can claim to remember it everywhere it's needed, 100% of the time, while developing? Can you swear you've never missed one? Every one you miss on user-controlled data is a cross-site scripting (XSS) hole. Moreover, it's a mental distraction to think about the view logic and h() at the same time. And when you take over a Rails project midway, how can you be sure the previous developers used h()?

Here’s the rescue.

safe_erb + footnotes

I don't think I need to explain more. Just use them and you will find all those places where you should have sanitized your output with h(), sanitize(), untaint, etc.
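To make the failure mode concrete, here is an added stand-alone example (not code from this post, from safe_erb, or from Rails). It renders the same ERB template with and without h() against a constructed XSS payload, using ERB::Util.html_escape, which is what Rails' h() wraps. safe_erb gets its "you forgot h()" error from Ruby's taint flag; since String#taint is gone from recent Rubies, the example assumes a small Untrusted wrapper class of its own to stand in for that check: ERB calls to_s on every <%= %> expression, so an Untrusted value that never went through h() raises instead of rendering. (Rails 3 and later escape ERB output by default, so this plugin pair matters mostly for Rails 2.x apps like the one the post describes.)

```ruby
require 'erb'

# Raised when attacker-controlled text reaches the rendered output unescaped.
class UnescapedOutputError < StandardError; end

# Assumed stand-in for safe_erb's taint check: wrap anything that came from
# the request or from rows the user filled in. ERB calls to_s on every
# <%= %> expression, so a wrapped value that was never passed through h()
# raises instead of silently rendering.
class Untrusted
  def initialize(raw)
    @raw = raw
  end

  def to_s
    raise UnescapedOutputError, "untrusted value rendered without h()/sanitize()"
  end

  # Only h() calls this: returns plain, escaped text that is safe to output.
  def escape
    ERB::Util.html_escape(@raw)
  end
end

# Rails' h() helper, reimplemented for this script: escape, and for wrapped
# values clear the "untrusted" status in the same step.
def h(value)
  value.is_a?(Untrusted) ? value.escape : ERB::Util.html_escape(value)
end

# Render a template string that refers to one local named `comment`.
def render(template, comment)
  ERB.new(template).result(binding)
end

# Constructed sample input: the classic stored-XSS payload a visitor might post.
XSS_PAYLOAD = "<script>alert('xss')</script>"

# Template that forgets h(): renders the payload verbatim.
FORGOT_H = "<p><%= comment %></p>"
# Template that escapes, the way the post says every output should.
USES_H   = "<p><%=h comment %></p>"

# Without the wrapper the mistake is silent: the script tag goes to the browser.
def render_forgot_h_plain
  render(FORGOT_H, XSS_PAYLOAD)
end

# With h() the payload is neutralised into inert text.
def render_uses_h_plain
  render(USES_H, XSS_PAYLOAD)
end

# Same templates, but the value is marked untrusted: the forgotten h() now fails loudly.
def render_forgot_h_untrusted
  render(FORGOT_H, Untrusted.new(XSS_PAYLOAD))
rescue UnescapedOutputError => e
  "ERROR: #{e.message}"
end

# ...and the escaped version still renders normally.
def render_uses_h_untrusted
  render(USES_H, Untrusted.new(XSS_PAYLOAD))
end

if $PROGRAM_NAME == __FILE__
  puts render_forgot_h_plain
  puts render_uses_h_plain
  puts render_forgot_h_untrusted
  puts render_uses_h_untrusted
end
```

Run it and compare the first two lines: the unescaped render contains a live script element, the escaped one only `&lt;script&gt;`. The last two lines show the safe_erb idea: an error at the exact template that missed h(), which is what the footnotes plugin then surfaces in the page during development.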
