Is sanitize() strong enough to protect me from XSS?

Haven’t been able to find a good enough answer on whether using
sanitize() is enough to really protect me from XSS attacks.

I basically have a blog page that I want to allow people to display
comments on, but I would like to allow HTML tags to be posted in the
comments. These could be HTML tags like the ImageShack img tags, YouTube
player, Photobucket img tags, etc.

Any other approaches or suggestions to this problem are appreciated!

