What is the recommended way to escape HTML to prevent XSS vulnerabilities in Rails apps?
Should you allow the user to put any text into the database but escape it when d
Use the h method in your view template. Say you have a post object with a comment property:
<%= h post.comment %>
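To show what the `h` helper in that view actually does with stored text, here is an added example that is not part of the answer above: it uses Ruby's own `ERB::Util.h` (the helper Rails views expose) with a constructed comment string, renders the same view fragment, and also shows the double-encoding you get if the text was escaped once more on its way into the database. The `Post` struct and `RAW_COMMENT` are assumptions made for the example.

```ruby
require "erb"
include ERB::Util  # provides h (html_escape), the helper Rails views use

# Constructed sample: a stored comment exactly as the user typed it, markup and all.
RAW_COMMENT = %q{<script>alert("xss")</script> & "quotes" 'too'}

# The view fragment from the answer as an ERB template: escaping happens at output time.
TEMPLATE = ERB.new(%q{<p class="comment"><%= h post.comment %></p>})

# Hypothetical model object standing in for an ActiveRecord post.
Post = Struct.new(:comment)

# Render the stored text the way the view would: raw in the database, escaped on output.
def render_comment(text)
  post = Post.new(text)
  TEMPLATE.result(binding)
end

# Same rendering, but the text was already escaped on its way into the database.
# Escaping on both input and output double-encodes entities, e.g. &lt; becomes &amp;lt;
def render_double_escaped(text)
  render_comment(h(text))
end

if __FILE__ == $0
  puts render_comment(RAW_COMMENT)
  puts render_double_escaped(RAW_COMMENT)
end
```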