Validating text in Rails


Is it necessary to validate incoming text from a form field if we use
h(…) to display it in our view? Are there any security issues in
storing that information in the database as long as I make sure I’m
using h(…) to display it?



Hi Sam -

h() is there to protect you from cross-site scripting attacks.

SQL injection attacks are a different beast. Luckily, ActiveRecord will
take care of those for you, as long as you use it correctly. This boils
down to never manually inserting user-entered content into an SQL

For more detail:

Starr - Where business and code collide.
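Both points in the reply above, shown side by side in an added example that is not part of this thread. Rails' `h()` helper is `ERB::Util.html_escape`, which is what the first function uses; the `bind_params`/`quote` helpers are a hypothetical, stdlib-only stand-in for how ActiveRecord's `where("name = ?", name)` keeps user input out of the SQL text itself, so the whole thing runs without a database. The sample input is constructed.

```ruby
require "erb"

# Constructed sample of what a form field might contain.
UNTRUSTED = %q{<script>alert(1)</script> O'Brien}

# Output escaping (what h() does): ERB::Util.html_escape turns & < > " and '
# into entities, so the browser renders the input as text instead of markup.
def render_comment(text)
  "<p>#{ERB::Util.html_escape(text)}</p>"
end

# Vulnerable pattern: user input interpolated straight into the SQL string.
# Even a legitimate surname with an apostrophe breaks the statement, and a
# crafted value would change its meaning.
def find_by_name_unsafe(name)
  "SELECT * FROM users WHERE name = '#{name}'"
end

# Hypothetical minimal quoting, standing in for the DB adapter's quoting.
def quote(value)
  return value.to_s if value.is_a?(Integer)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Hypothetical placeholder binding in the style of ActiveRecord's "?" syntax:
# the SQL is fixed at write time, each value is quoted and slotted in.
# Splitting first (rather than repeated sub) means a "?" inside a bound value
# can never be mistaken for a later placeholder.
def bind_params(sql, *values)
  parts = sql.split("?", -1)
  unless parts.size == values.size + 1
    raise ArgumentError, "expected #{parts.size - 1} values, got #{values.size}"
  end
  parts.zip(values.map { |v| quote(v) } + [""]).flatten.join
end

# Safe pattern: keep the query text fixed and bind the user value separately.
def find_by_name_safe(name)
  bind_params("SELECT * FROM users WHERE name = ?", name)
end

if __FILE__ == $PROGRAM_NAME
  puts render_comment(UNTRUSTED)
  puts find_by_name_unsafe(UNTRUSTED)
  puts find_by_name_safe(UNTRUSTED)
end
```

Storing the raw text and escaping on output is the usual Rails approach; the escaping has to happen everywhere the value is rendered, not just in one view, and the parameter binding has to be used for every query that touches user input.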
