A while back, Tony wrote up a post on what we were doing to protect ourselves from XSS attacks. Today, I’m releasing that same basic chunk of code as a Rails plugin.
The gist of it is, we basically run everything in the params hash through Rick Olson’s excellent white_list plugin.
That’s it. Overkill? Possibly. However, it’s been working fantastic for us. And now, it can work for you.
Because XSS attacks are a horrible, horrible thing, and you never want to have to deal with one. Just ask Tony.
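The traversal the post describes, as an added example that is not the plugin's code or Rick Olson's white_list: `sanitize_params` walks a params-style hash (nested hashes and arrays included) and runs every string through whichever sanitizer it is handed, leaving non-string values alone. `allowlist_sanitize`, `ALLOWED_TAGS` and `SAMPLE_PARAMS` are stand-ins constructed here for the demo, not white_list's real implementation.

```ruby
require 'cgi'

# Stand-in for the white_list helper (assumed name, not its real code):
# allowed tags are re-emitted bare (attributes dropped), everything else
# is HTML-escaped. Only a demo; not a complete HTML sanitizer.
ALLOWED_TAGS = %w[b i em strong].freeze

def allowlist_sanitize(html)
  html.gsub(%r{<(/?)\s*([a-zA-Z0-9]+)[^>]*>}) do |tag|
    closing, name = $1, $2.downcase
    ALLOWED_TAGS.include?(name) ? "<#{closing}#{name}>" : CGI.escapeHTML(tag)
  end
end

# Walk a params-shaped structure, sanitizing every string it contains.
# Hashes and arrays are rebuilt with the same keys/order; numbers, nil,
# booleans and other objects (e.g. uploaded files) pass through untouched.
def sanitize_params(value, &sanitizer)
  case value
  when Hash
    value.each_with_object({}) { |(k, v), h| h[k] = sanitize_params(v, &sanitizer) }
  when Array
    value.map { |v| sanitize_params(v, &sanitizer) }
  when String
    sanitizer.call(value)
  else
    value
  end
end

# Constructed sample, shaped like a Rails params hash for a blog post form.
SAMPLE_PARAMS = {
  'post' => {
    'title' => 'Hello <script>alert(1)</script>',
    'body'  => 'Some <b onclick="x()">bold</b> text',
    'tags'  => ['<i>ruby</i>', '<img src=x onerror=y>']
  },
  'page' => 2
}.freeze

# What a before_filter built on this would do: replace params before the action runs.
def filtered_sample
  sanitize_params(SAMPLE_PARAMS) { |s| allowlist_sanitize(s) }
end

puts filtered_sample.inspect if $PROGRAM_NAME == __FILE__
```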
Get it here.
Special thanks to Jodi Showers for the initial plugin work.