Home/ Questions/Q 334411
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T10:03:06+00:00

This is probably a stupid question but I’ll go ahead and humble myself. The

  • 0

This is probably a stupid question but I’ll go ahead and humble myself.

The Ruby code in my controllers and models are interpreted so that a HTML result is sent to the browser. Ok, I get that part.

But is there any way for a mailicious user to somehow take a peek at the Ruby code in the controllers and models by bypassing the process that converts or interprets that code before it is sent to the browser?

The reason I’m concerned is I am planning on doing some order processing in my app and if a malicious user was able to do that, they might be able to figure out how to do all kinds of unpleasant things.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Side tip: make sure you use html_escape or h to escape user data and prevent someone from injecting code into your site. For example, use
    <%= h(person.name) %> so that someone can’t put javascript in the name field and have it run when people view that page.

    • 0