Hi,
I am facing a following problem:-
I have app in which user can edit his/her personal information and we
are showing it on browser. Some of users has added
“” javascript in name textbox. Due to
this whenever I am showing name on browser it is executing the script
and giving javascript alert.
Can anyone tell me how to fix this? Is there any plugin avaliable?
Thanks,
Tushar
<%=h @text_from_user %>
The point is ‘h’ helper.
Getting Started with Rails — Ruby on Rails Guides - will be very
useful to read.
Good luck.
Hi,
Use rails HTML escaping method - html_escape(s) or h(s) to fix that
issue.
Thanks,
Priyanka P.
Thanks Priyanka
It is working.
Priyanka P. wrote:
Hi,
Use rails HTML escaping method - html_escape(s) or h(s) to fix that
issue.Thanks,
Priyanka P.
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs