I have a script that uses the NET::HTTP class to scrape information off
of a website. I take that html and insert it into a database. How do I
escape all tags before inserting into database? Anything similar to
PHP’s mysql_escape_string? Or do I just invoke the h() or sanitize()
functions in the view before displaying the data?
On 5/31/07, hyped wrote:
> I have a script that uses the NET::HTTP class to scrape information off
> of a website. I take that html and insert it into a database. How do I
> escape all tags before inserting into database? Anything similar to
> PHP’s mysql_escape_string? Or do I just invoke the h() or sanitize()
> functions in the view before displaying the data?
I have a white_list helper for this:
http://svn.techno-weenie.net/projects/plugins/white_list/
h() will escape everything and sanitize() misses a lot of edge cases.
--
Rick O.
http://lighthouseapp.com
http://weblog.techno-weenie.net
http://mephistoblog.com
Hi Rick,
I recently came across a little bug in your plugin. I was eventually
going to file a bug report, but since it was mentioned on the list, I
thought I’d report it here…
The following test fails on the latest svn rev…
def test_closing_tag_regex_should_be_less_greedy
  assert_white_listed %(BEFORE
AFTERBOLD!),
    %(BEFORE AFTERBOLD!)
end
-christos
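
The difference between escaping everything, as h() does, and filtering against a list of permitted tags, shown as an added Ruby example that is not part of the thread and is not the white_list plugin's code. `ALLOWED_TAGS`, `escape_all` and `allowlist_html` are hypothetical names, the sample strings are constructed, and the filter treats any tag that carries attributes as text.

```ruby
require 'cgi'

# Constructed allowlist for this example (an assumption, not the plugin's list).
ALLOWED_TAGS = %w[b i em strong p br].freeze

# Escape everything, which is what h() does: no markup survives.
def escape_all(html)
  CGI.escapeHTML(html.to_s)
end

# Allowlist filter. The input is split into three kinds of token:
#   <...>   a tag-like run with no nested "<" or ">" (so it cannot span two tags)
#   text    a run of characters without "<"
#   <       a stray "<" that never closes
# A token is emitted as markup only when it is a bare opening or closing tag
# whose name is on the allowlist. It is re-emitted in canonical form, so no
# attribute (onclick, style, href, ...) can pass through. Everything else,
# including text, is HTML-escaped. Tags are not balanced by this filter.
def allowlist_html(html, allowed = ALLOWED_TAGS)
  html.to_s.scan(/<[^<>]*>|[^<]+|</).map { |tok|
    m = %r{\A<(/?)([A-Za-z][A-Za-z0-9]*)\s*/?>\z}.match(tok)
    if m && allowed.include?(m[2].downcase)
      "<#{m[1]}#{m[2].downcase}>"
    else
      CGI.escapeHTML(tok)
    end
  }.join
end

# Constructed sample of scraped markup, filtered at render time.
SAMPLE = %(<p>BEFORE</p><script>alert(1)</script><b onclick="x()">BOLD!</b>)

if __FILE__ == $PROGRAM_NAME
  puts escape_all(SAMPLE)
  puts allowlist_html(SAMPLE)
end
```

Both functions address HTML output only; quoting values for the SQL insert is a separate step handled by the database layer.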