[Rails] safe html links
Josh Rickard
josh.rickard at gmail.com
Wed Mar 1 03:05:19 GMT 2006
Hi,
I'm working on a web app that allows users to submit links to external
sites. I'm curious if there are any special security considerations I
should take aside from escaping the user input with h( )? Is it safe to
directly link_to h(user_inputted_url), h(user_inputted_url) or could that be
exploited in a way that I'm not thinking of? Thanks.
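
One way to check a user-submitted URL before it reaches link_to, as an added example that is not part of the original post or of Rails: h() only HTML-escapes the string, so this sketch adds a scheme allowlist on top of it. The names `safe_external_url` and `render_user_link` are hypothetical, and `ERB::Util.html_escape` stands in for h() so the block runs without Rails.

```ruby
require 'uri'
require 'erb'

# Schemes a user-submitted link may use. Anything else (javascript:, data:,
# file:, ...) is refused; HTML-escaping alone leaves the scheme untouched.
ALLOWED_SCHEMES = %w[http https].freeze

# Returns the URL as a String if it is an absolute http(s) URL with a host,
# otherwise nil. Hypothetical helper, not part of Rails.
def safe_external_url(input)
  candidate = input.to_s.strip
  # Refuse embedded whitespace or control characters rather than cleaning
  # them up, so the value that is checked is the value that is rendered.
  return nil if candidate.empty? || candidate.match?(/[\s\x00-\x1f\x7f]/)

  uri = URI.parse(candidate)
  return nil unless ALLOWED_SCHEMES.include?(uri.scheme.to_s.downcase)
  return nil if uri.host.nil? || uri.host.empty?

  uri.to_s
rescue URI::InvalidURIError
  nil
end

# Stand-in for link_to h(url), h(url): validate first, then escape the URL
# for both the href attribute and the link text.
def render_user_link(input)
  url = safe_external_url(input)
  # Rejected input is shown as inert escaped text, never as an anchor.
  return ERB::Util.html_escape(input.to_s) if url.nil?

  escaped = ERB::Util.html_escape(url)
  %(<a href="#{escaped}">#{escaped}</a>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  ["http://example.com/?a=1&b=2", "javascript:alert(1)", "//example.com/x",
   "java\tscript:alert(1)"].each do |sample|
    puts "#{sample.inspect} => #{render_user_link(sample)}"
  end
end
```

Only the first sample is rendered as an anchor; the others come back as escaped plain text.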