Security issue in app

Hi, I am facing the following problem: I have an app in which a user can edit his/her personal information, and we are showing it in the browser. Some users have added "<script>alert('Hack');</script>" JavaScript in the name textbox. Due to this, whenever I show the name in the browser, it executes the script and gives a JavaScript alert. Can anyone tell me how to fix this? Is there any plugin available?

Thanks, Tushar

<%=h @text_from_user %>

The point is the 'h' helper. "Getting Started with Rails — Ruby on Rails Guides" will be very useful to read. Good luck.

Hi, use the Rails HTML escaping method, html_escape(s) or h(s), to fix that issue.

Thanks, Priyanka Pathak
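
The effect of the h / html_escape helper recommended in the answers above, as an added example that is not part of the original thread. It uses Ruby's standard ERB library; the templates, the ViewContext class and the second sample name are assumptions made for illustration.

```ruby
require "erb"

# Constructed sample input: the name value quoted in the question, plus an
# ordinary name whose special characters must still display correctly.
STORED_NAMES = [
  "<script>alert('Hack');</script>",
  "Tom & Jerry's \"Cafe\"",
].freeze

# Hypothetical view templates (not from the thread's app): one emits the
# value raw, the other passes it through h, the alias of html_escape.
RAW_VIEW     = "<p>Name: <%= name %></p>"
ESCAPED_VIEW = "<p>Name: <%= h(name) %></p>"

# Minimal stand-in for a Rails view context.
class ViewContext
  include ERB::Util # makes h / html_escape callable inside the template

  attr_reader :name

  def initialize(name)
    @name = name
  end

  def render(template)
    ERB.new(template).result(binding)
  end
end

def render_name(name, escaped:)
  ViewContext.new(name).render(escaped ? ESCAPED_VIEW : RAW_VIEW)
end

# True when the rendered page still carries a tag taken from user input,
# i.e. any markup other than the template's own <p> wrapper.
def user_markup?(html)
  html.sub(/\A<p>/, "").sub(/<\/p>\z/, "").match?(/[<>]/)
end

if __FILE__ == $PROGRAM_NAME
  STORED_NAMES.each do |name|
    [false, true].each do |escaped|
      html = render_name(name, escaped: escaped)
      puts "escaped=#{escaped} user_markup=#{user_markup?(html)} #{html}"
    end
  end
end
```

Rails 3 and later escape `<%= %>` output by default, so in those versions the places to review are calls to `raw` and `html_safe` rather than missing `h` calls.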

Thanks Priyanka, it is working.