Protecting Your Apps against Cross Site Scripting Attacks


#1

This has been in the news lately, so I wrote up an article about a
method I use to protect my app against XSS attacks. It’s easy to use
if you don’t care how it works, and I go through some of the
metaprogramming techniques I used if you do. Check it out:

http://blog.explorationage.com/articles/2006/01/25/how-to-protect-your-rails-apps-against-cross-site-scripting-attacks

Justin


#2

Justin,

Thanks for posting this, it was really informative for those of us
learning Rails and should prove very useful!

-Josh


Due to the recent increase in spam and falsely sent email, I now PGP
Sign all of my outgoing mail to prove my identity. This means that
you will see an attachment called “PGP.sig” with this message. This
attachment can be used to prove that I am who I say I am. If you are
not familiar with PGP, you can safely ignore it. For more
information, please visit http://www.pgp.com/ or http://www.gnupg.org/