Hi,
I’m working on a web app that allows users to submit links to external
sites. I’m curious if there are any special security considerations I
should take aside from escaping the user input with h( )? Is it safe to
directly link_to h(user_inputted_url), h(user_inputted_url) or could
that be
exploited in a way that I’m not thinking of. Thanks.
I’m also very curious about this question.
On Tue, 2006-02-28 at 21:05 -0600, Josh R. wrote:
[email protected]
http://lists.rubyonrails.org/mailman/listinfo/rails
Charlie B.
http://www.recentrambles.com
Charlie B. wrote:
I’m also very curious about this question.
On Tue, 2006-02-28 at 21:05 -0600, Josh R. wrote:
[email protected]
http://lists.rubyonrails.org/mailman/listinfo/railsCharlie B.
http://www.recentrambles.com
Just with experience with Phishing I would disallow the use of “@”
characters in URLs since they are usually used in user/password on
website tricks like
http://www.ebay.com:[email protected]
Probably wouldn’t be as effective as a phishing method on a website but
you never know.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs