Anti-XSS library for Ruby?


#1

Hi!

Does anybody know a Ruby anti-XSS library that passes all the cases
described in the XSS cheat sheet (http://ha.ckers.org/xss.html)?

Thanks!

Ciao!
Florian


#2

Florian W. wrote:

Does anybody know a Ruby anti-XSS library that passes all the cases
described in the XSS cheat sheet (http://ha.ckers.org/xss.html)?

I’ve been an advocate of whitelisting before, but after reading this I
would never again use anything else. Don’t even try doing blacklisting.
It won’t work.
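
The contrast drawn in the reply above, as an added example that is not part of the original thread: a default-deny whitelist filter next to a pattern-removing blacklist, in plain Ruby. The function names, the allowed-tag list and the sample inputs are assumptions constructed for illustration.

```ruby
# Added example: whitelist (default-deny) vs. blacklist HTML filtering.
# All names and sample inputs are constructed for illustration.

ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
            '"' => '&quot;', "'" => '&#39;' }.freeze

# Tags let through, bare only (no attributes). Everything else stays escaped.
ALLOWED_TAGS = %w[b i em strong p br].freeze
ALLOWED_RE = /&lt;(\/?)(#{ALLOWED_TAGS.join('|')})&gt;/

def escape_html(text)
  text.to_s.gsub(/[&<>"']/, ESCAPES)
end

# Whitelist: escape everything, then restore only exact, attribute-free
# allowed tags. Unknown tags, attributes and odd casing never become markup.
def whitelist_sanitize(text)
  escape_html(text).gsub(ALLOWED_RE) { "<#{$1}#{$2}>" }
end

# Blacklist, for contrast: removes one known-bad pattern, passes the rest.
def blacklist_sanitize(text)
  text.to_s.gsub(/<script\b.*?<\/script>/im, '')
end

# Constructed sample inputs.
SAMPLES = [
  'Hello <b>world</b>',
  '<script>alert(1)</script>',
  '<img src="x" onerror="alert(1)">',
  '<B onmouseover="alert(1)">hi</B>'
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |s|
    puts "input:     #{s}"
    puts "blacklist: #{blacklist_sanitize(s)}"
    puts "whitelist: #{whitelist_sanitize(s)}"
    puts
  end
end
```

The blacklist returns the third and fourth inputs unchanged because they match no pattern it knows about; the whitelist never has to recognise them, since anything not explicitly allowed is rendered as text.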