[Rails] safe html links
Charlie Bowman
charlie at castlebranch.com
Wed Mar 1 13:25:01 GMT 2006
I'm also very curious about this question.
On Tue, 2006-02-28 at 21:05 -0600, Josh Rickard wrote:
> Hi,
>
> I'm working on a web app that allows users to submit links to external
> sites. I'm curious if there are any special security considerations I
> should take aside from escaping the user input with h( )? Is it safe
> to directly link_to h(user_inputted_url), h(user_inputted_url) or
> could that be exploited in a way that I'm not thinking of? Thanks.
Charlie Bowman
http://www.recentrambles.com
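
An added example, not part of the original thread: h() escapes HTML metacharacters but does not look at the URL scheme, so a link helper can additionally accept only absolute http/https URLs before building the href. The helper names and the allowed-scheme policy are assumptions for illustration, not Rails APIs.

```ruby
require 'erb'
require 'uri'

# Schemes allowed to become a clickable link (assumed policy).
ALLOWED_SCHEMES = %w[http https].freeze

# Returns the parsed URL as a string if it is an absolute http(s) URL with a
# host, otherwise nil. Hypothetical helper, not a Rails API.
def safe_link_href(raw)
  uri = URI.parse(raw.to_s.strip)
  return nil unless ALLOWED_SCHEMES.include?(uri.scheme.to_s.downcase)
  return nil if uri.host.nil? || uri.host.empty?
  uri.to_s
rescue URI::Error
  nil # unparseable input: embedded whitespace, quotes, control characters
end

# Renders a link for accepted URLs and inert, escaped text for everything else.
# ERB::Util.html_escape is the function behind the h() helper.
def render_user_link(raw)
  text = ERB::Util.html_escape(raw.to_s)
  href = safe_link_href(raw)
  return text if href.nil?
  %(<a href="#{ERB::Util.html_escape(href)}">#{text}</a>)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample inputs.
  samples = [
    'http://example.com/a?b=1&c=2', # accepted, & escaped in the attribute
    'javascript:void(0)',           # unchanged by h(), rejected by scheme
    'data:text/html,hello',         # rejected by scheme
    '//example.com/x',              # scheme-relative, rejected
    'http://example.com/"x'         # does not parse, rendered as text
  ]
  samples.each { |u| puts "#{u.inspect} => #{render_user_link(u)}" }
end
```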