I'm creating a site that involves a blog, using Rails 2.3.8.
I've used the YUI Rich Text Editor to allow posts to be created (the
blog is for a photo site so images have to be uploaded) and the
SimpleEditor for posting comments.
In both cases, I'm using Hpricot to parse the html for index and show
actions.
I'm concerned about security, as I cannot use h or sanitize on the
output because if I do I lose the rich text functionality that the
client wants. But of course that opens the site to attack.
I really need some server side validation. I found some old posts on
this topic (2006) but the links were broken.
I'm sure other people have faced this problem before. Can anybody
point me in the direction of something that can help me validate the
html output so I can sleep better?
thanks
--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
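An allowlist sanitizer of the kind the question asks for, added here as an example (not code from the post, from Rails or from Hpricot); it uses only the Ruby standard library, and the tag/attribute allowlist is a constructed one to be tailored to what the YUI editor emits. The strategy is the same one Rails' own `sanitize` helper follows: tokenize the input, rebuild allowed tags from scratch with allowlisted attributes and URL schemes, and escape everything else, rather than trying to recognise bad markup.

```ruby
require 'cgi'
require 'strscan'

# Allowlist: tag name => attributes permitted on it. Everything else is dropped.
ALLOWED_TAGS = {
  'p' => [], 'br' => [], 'b' => [], 'strong' => [], 'i' => [], 'em' => [],
  'ul' => [], 'ol' => [], 'li' => [], 'blockquote' => [],
  'a' => %w[href title], 'img' => %w[src alt width height]
}.freeze
URL_ATTRS = %w[href src].freeze
TAG_RE    = %r{<(/?)([a-zA-Z][a-zA-Z0-9]*)([^<>]*)>}
ATTR_RE   = /([a-zA-Z][a-zA-Z0-9-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/
ENTITY_RE = /&(?:#\d+|#x[0-9a-fA-F]+|[a-zA-Z]+);/

# URLs are allowlisted by scheme (http, https, or root-relative), so
# "javascript:", "data:", protocol-relative and entity-encoded schemes never pass.
def safe_url?(value)
  v = value.strip
  (v.start_with?('/') && !v.start_with?('//')) || v.match?(%r{\Ahttps?://}i)
end

# Rebuild an allowed tag from scratch, keeping only allowlisted attributes.
def rebuild_tag(closing, name, raw_attrs)
  return "</#{name}>" unless closing.empty?
  attrs = raw_attrs.scan(ATTR_RE).filter_map do |key, dq, sq, bare|
    key = key.downcase
    value = dq || sq || bare
    next unless ALLOWED_TAGS[name].include?(key)
    next if URL_ATTRS.include?(key) && !safe_url?(value)
    %( #{key}="#{CGI.escapeHTML(value)}")
  end.join
  "<#{name}#{attrs}>"
end

# Tokenize the input and re-serialize it: allowed tags are rebuilt, disallowed
# tags (script, style, comments, ...) are dropped while their text content
# stays, and every other character is HTML-escaped.
def sanitize_html(html)
  out = +''
  s = StringScanner.new(html)
  until s.eos?
    if s.scan(TAG_RE)
      name = s[2].downcase
      out << rebuild_tag(s[1], name, s[3]) if ALLOWED_TAGS.key?(name)
    elsif s.scan(ENTITY_RE)
      out << s.matched                 # already-encoded entity passes through
    elsif s.scan(/[^<&]+/)
      out << CGI.escapeHTML(s.matched) # plain text
    else
      out << CGI.escapeHTML(s.getch)   # stray "<" or "&" that is not a tag/entity
    end
  end
  out
end
```

Run the result through this on save and again on output; it does not repair unbalanced tags, so a stray closing tag can still skew layout (a real HTML parser such as Hpricot's or Rails' sanitizer also balances tags), but the output contains only tags and attribute values rebuilt from the allowlist.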