Security issue in app

11155 · April 5, 2010, 10:11am

Hi, I am facing a following problem:- I have app in which user can edit his/her personal information and we are showing it on browser. Some of users has added "<script>alert('Hack');</script>" javascript in name textbox. Due to this whenever I am showing name on browser it is executing the script and giving javascript alert. Can anyone tell me how to fix this? Is there any plugin avaliable?

Thanks, Tushar

DmitryPush · April 5, 2010, 10:53am

<%=h @text_from_user %>

The point is 'h' helper. Getting Started with Rails — Ruby on Rails Guides - will be very useful to read. Good luck.

11155 · April 5, 2010, 11:20am

Hi, Use rails HTML escaping method - html_escape(s) or h(s) to fix that issue.

Thanks, Priyanka Pathak

11155 · April 5, 2010, 11:36am

Thanks Priyanka It is working. Priyanka Pathak wrote:

Topic		Replies	Views
Secuiyrt issue in App rubyonrails-talk	5	87	April 5, 2010
rubyonrails security issues?????? rubyonrails-talk	0	64	October 14, 2007
How to stop ruby escaping javascript? rubyonrails-talk	4	150	November 15, 2012
Form Data Injection - How to protect against? rubyonrails-talk	5	142	October 4, 2006
Security.html - Safe ERB and Rails 3 rubyonrails-docs	1	245	March 13, 2012

Security issue in app

Related topics

More Resources