You are correct - h() is not enough. Check out the excellent White-listing plugin by Rick Olson at http://weblog.techno-weenie.net/2006/9/3/white-listing-plugin-for-rails.
Hope this helps, Zack