http://blog.rayvinly.com/articles/2008/10/30/sanitize-your-output-in-ruby-on-rails en-us 40 <p>We all know about the holy h() method that escapes your output when you do &lt;<span>=h blah %&gt;. But how many of us can claim we remember to use it where it&#8217;s appropriate during development 100</span> of the time? Can you swear you&#8217;ve never missed one? Moreover, it&#8217;s such a mental distraction to think logic and h() at the same time. And when you take over a Rails project in the middle, how can you ensure the previous developers use h()?</p> <p>Here&#8217;s the rescue.</p> <p><a href="http://github.com/pelargir/safe_erb">safe_erb</a> + <a href="http://github.com/drnic/rails-footnotes">footnotes</a></p> <p>I don&#8217;t think I need to explain more. Just use it and you will find all those places where you should sanitize your output with h(), sanitize(), and untaint(), ...etc.</p> Thu, 30 Oct 2008 14:37:00 -0400 urn:uuid:2139fb2c-3adc-4a1c-9de8-56bf527e1f9a Raymond Law http://blog.rayvinly.com/articles/2008/10/30/sanitize-your-output-in-ruby-on-rails Ruby on Rails Web 2.0 ruby rails rubyonrails safe_erb footnotes sanitize http://blog.rayvinly.com/articles/trackback/73