Forum: Ruby on Rails Is sanitize() strong enough to protect me from XSS?

Francisco Hernandez (Guest)
on 2006-05-05 08:43
(Received via mailing list)
Haven't been able to find a good enough answer on whether using
sanitize() is enough to really protect me from XSS attacks.

I basically have a blog page that I want to allow people to display
comments on, but I would like to allow HTML tags to be posted in the
comments. These could be HTML tags like the ImageShack img tags, YouTube
player, Photobucket img tags, etc.

Any other approaches or suggestions to this problem are appreciated!
