It's really confusing to decide whether sanitize will help avoid XSS in case when :attributes => %w( style ) on stackoverflow, people say that it is not safe, yet the examples they give such as style="background-image: url(javascript:[code]);" is being filtered out using sanitize and all that is left is style="" is there a way to get a definite answer if sanitize with style allow will protect against XSS or not?
on 2012-12-12 13:07
Enable email notification
Enable multi-page viewPlease log in before posting. Registration is free and takes only a minute.
Existing account
(Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
Log in with Google account | Log in with Yahoo account
No account? Register here.