CrowdVine Blog » rails

Posts Tagged ‘rails’

Rails Plugin: sanitize_params

Monday, November 26th, 2007

A while back, Tony wrote up a post on what we were doing to protect ourselves from XSS attacks. Today, I’m releasing that same basic chunk of code as a Rails plugin.

The gist of it is, we basically run everything in the params hash through Rick Olson’s excellent white_list plugin.

That’s it. Overkill? Possibly. However, it’s been working fantastic for us. And now, it can work for you.

Because XSS attacks are horrible, horrible thing and you never want to have to deal with it. Just ask Tony.

Get it here.

Special thanks to Jodi Showers for the initial plugin work.

Tags: code, opensource, rails, ruby
Posted in Uncategorized | 7 Comments »

About

CrowdVine is a social network software company. Our original service lets anyone create a social network in three steps. Our second product, CrowdVine for Conferences, helps attendees meet at the event in order to build professional relationships and connections. Conference organizers can either build their own CrowdVine through our online service or work with our professional services team to build, customize, and facilitate the networking experience.
Archives
Recent Comments
- adam mclane on New Feature: Pages
- tony on New Feature: Pages
- CrowdVine Blog » Blog Archive » The Story Behind Our Redesign on Self-service Upgrades
- Fleur Corfield on Mobile Beta
- roger emery on Mobile Beta
Recent Posts
Tags
about adaptivepath associations barcamp blogging bootstrapping business code conference conference20 conferences crowdvine crunchies demo design facebook features foaf history interaction08 ixda launch moderation mpi mxconf news opensocial opensource podcamp press rails reviews ruby scwd smallbusiness socialgraph socialnetworking social networks talks theteam tutorial twitter unconference web2open web20