html safe and <%=h

Hi all,

This is kind of a noob question. Can someone please explain what html safe means, what the function h in rails does, and what the best times to use it are? Even links will be helpful, but I am doubtful that any good explanations exist, because I did a little search and couldn't get more info.

I know that <%=h tries to make whatever we are writing to the web page html safe by stripping out all the html tags. Does this include all the <script> tags also??

thanks in advance.

suman

[...]

I know that <%=h tries to make whatever we are writing to the web page html safe by stripping out all the html tags. Does this include all the <script> tags also??

Well, <script> is an HTML tag, isn't it?

Anyway, it's not quite true that h removes HTML tags. Rather, what it does is escape characters that have a special meaning in HTML, so that "<tag>" will become "&lt;tag&gt;".

thanks in advance.

suman

Best,
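The difference between stripping and escaping that the reply describes, shown in plain Ruby as an added example (this is not code from the thread or from Rails itself). Rails' h helper is an alias of the standard-library ERB::Util.html_escape, which is what the block calls; the render_comment and contains_script_tag? helpers, the toy template, and the sample comment are assumptions constructed here to mimic <%= comment %> versus <%=h comment %>.

```ruby
require 'erb'

# Same escaping that Rails' h helper applies: it delegates to ERB::Util.
# Nothing is removed; the characters with special meaning in HTML
# (& < > " ') are replaced by entities, so "<tag>" becomes "&lt;tag&gt;".
def h(text)
  ERB::Util.html_escape(text.to_s)
end

# Toy template (constructed for this example): a user's comment interpolated
# into a page. escape: false mimics <%= comment %>, escape: true mimics <%=h comment %>.
def render_comment(comment, escape:)
  body = escape ? h(comment) : comment
  "<div class=\"comment\">#{body}</div>"
end

# Constructed sample input, the kind of thing a user could type into a form.
SAMPLE_COMMENT = %q{<script>alert("xss")</script> Tom & Jerry's "show"}

# Defender's check: does the rendered page still carry a live script tag
# that originated from the untrusted input?
def contains_script_tag?(html)
  html.include?('<script>')
end

if __FILE__ == $PROGRAM_NAME
  # Unescaped: the browser would execute the script as part of the page.
  puts render_comment(SAMPLE_COMMENT, escape: false)
  # Escaped: the browser displays the text "<script>..." literally.
  puts render_comment(SAMPLE_COMMENT, escape: true)
end
```

The escaped output still contains every character the user typed, which is why h is the right tool for displaying user content rather than a tag-stripping filter: the text is preserved, but the browser reads it as text instead of markup.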

Alright. And that is how the XSS attack is prevented.

Suman