Security issue in app

Hi,
I am facing the following problem:
I have an app in which a user can edit his/her personal information, and we
show it in the browser. Some users have added
“” JavaScript in the name textbox. Due to
this, whenever I show the name in the browser, it executes the script
and gives a JavaScript alert.
Can anyone tell me how to fix this? Is there any plugin available?

Thanks,
Tushar

<%=h @text_from_user %>

The point is the ‘h’ helper.
http://guides.rubyonrails.org/getting_started.html - will be very
useful to read.
Good luck.

Hi,
Use the Rails HTML escaping method - html_escape(s) or h(s) - to fix that
issue.

Thanks,
Priyanka P.
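
What the `h` / `html_escape` helper recommended in the answers above does to a stored name, as an added example that is not part of the original thread. It runs outside Rails using the standard library's `ERB` and `ERB::Util` (which defines `html_escape` and its alias `h`); the `ProfileView` class, the templates and the sample name are constructed for illustration.

```ruby
require "erb"

# Constructed sample input: a profile name that contains markup,
# like the value described in the question.
USER_NAME = %q{<script>alert("hi")</script>}

# Plain ERB interpolation with no escaping: the value reaches the page as markup.
RAW_TEMPLATE     = %q{<p>Name: <%= name %></p>}
# The same output wrapped in the h helper.
ESCAPED_TEMPLATE = %q{<p>Name: <%= h name %></p>}
# Attribute context: the value is escaped AND the attribute is quoted,
# so the double quotes inside the name cannot close the attribute.
ATTR_TEMPLATE    = %q{<input type="text" name="name" value="<%= h name %>">}

# Hypothetical stand-in for a view: exposes `name` and the `h` helper to ERB.
class ProfileView
  include ERB::Util # provides html_escape and h

  attr_reader :name

  def initialize(name)
    @name = name
  end

  # Render a template string with this object's methods in scope.
  def render(template)
    ERB.new(template).result(binding)
  end
end

# True when the rendered HTML still contains a literal opening script tag.
def live_script_tag?(html)
  html.downcase.include?("<script")
end

if __FILE__ == $PROGRAM_NAME
  view = ProfileView.new(USER_NAME)
  { "raw" => RAW_TEMPLATE, "escaped" => ESCAPED_TEMPLATE, "attribute" => ATTR_TEMPLATE }.each do |label, tpl|
    html = view.render(tpl)
    puts format("%-9s live script tag: %-5s %s", label, live_script_tag?(html), html)
  end
end
```

In Rails 3 and later, `<%= %>` escapes by default, and `raw` or `html_safe` switch that off, so those calls are the places to review for this bug.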

Thanks Priyanka
It is working.
Priyanka P. wrote:

Hi,
Use the Rails HTML escaping method - html_escape(s) or h(s) - to fix that
issue.

Thanks,
Priyanka P.
