I am making a Rails application and I have a question regarding stripping text of tags. Is it normal to use the strip_tags method everywhere the view is showing text that the user has submitted? Or should all input be validated in the model and then you don’t need the strip_tags method in the view? There will be many places to add this and therefore I wonder if I am correct.
If you’re working with Rails 3+, it automatically escapes everything outputted in views from Ruby. Nothing to do, you’re safe by default.
If you’re working with Rails 2.3 and down, use <%= h some_var %> to escape potentially harmful variables.
Also you could use the gem rails_xss with Rails 2.3 to add the protection from Rails 3.
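As an added illustration (not code from the original post), here is the same view rendered with and without `h`, using Ruby's standard-library ERB, which like Rails 2.3 does not escape `<%= %>` output by default. The `CommentView` class, the templates and the sample comment are constructed for this example.

```ruby
require "erb"

# Constructed sample of user-submitted text (not from the original post).
COMMENT = %q{<script>alert(1)</script> Tom & "Jerry"}

# Hypothetical templates: the first prints the value verbatim, the second
# passes it through h (ERB::Util#html_escape) as the answer suggests.
RAW_TEMPLATE     = "<p><%= @comment %></p>"
ESCAPED_TEMPLATE = "<p><%= h @comment %></p>"

# Minimal stand-in for a view context; not a Rails class.
class CommentView
  include ERB::Util # makes h / html_escape callable inside the template

  def initialize(comment)
    @comment = comment
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

def render_comment(template, comment)
  CommentView.new(comment).render(template)
end

# Escaping once at input and again at output double-encodes the text,
# so keep the stored value raw and escape where it is rendered.
def escaped_at_input_and_output(comment)
  stored = ERB::Util.html_escape(comment)
  render_comment(ESCAPED_TEMPLATE, stored)
end

if __FILE__ == $PROGRAM_NAME
  puts render_comment(RAW_TEMPLATE, COMMENT)
  puts render_comment(ESCAPED_TEMPLATE, COMMENT)
  puts escaped_at_input_and_output("Tom & Jerry")
end
```

The last line printed shows `&amp;amp;`, the visible symptom of escaping both when the value is saved and when it is displayed.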