Alexey Verkhovsky
Hi all,
I am writing some sort of BBS in Ruby (on Rails). I downloaded and
included RedCloth for template rendering (in 5 lines of code and 15
lines of test - wow!). It's cool, but it allows any HTML to be included.
Now, I don't want to let some kiddie include some <javascript/> that
would make an innocent BBS thread pop 50 new browsers - no matter how
cool it might seem.
I wonder if there is any existing code to sanitize user inputs by
replacing dangerous HTML tags (like the aforementioned <javascript/>)
that I could use with RedCloth to alleviate this risk.
Ditto for plain text inputs (user names, subjects and other such).
Alex
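One way to do what the post asks, as an added example that is not code from this thread or from RedCloth: an allowlist filter in plain Ruby (standard library only) that is run over the HTML RedCloth returns and keeps only the tags and attributes named in the constructed ALLOWED_TAGS/ALLOWED_ATTRS lists; every other tag, event-handler attribute and non-http(s) link is dropped, and plain-text fields are escaped whole.

```ruby
require 'cgi'
# Constructed allowlist for a BBS post body; widen or narrow it to taste.
ALLOWED_TAGS  = %w[p br b i em strong code pre blockquote ul ol li a].freeze
ALLOWED_ATTRS = { 'a' => %w[href] }.freeze
SAFE_HREF     = %r{\A(?:https?://|/)}i      # only http(s) or site-relative links

TAG_RE  = %r{<(/?)([A-Za-z][A-Za-z0-9]*)([^<>]*?)\s*(/?)\s*>}
ATTR_RE = /([A-Za-z][A-Za-z0-9:-]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/

# Filter the HTML that RedCloth returns: keep allowlisted tags and
# attributes, drop every other tag, and neutralise stray "<" in text.
def sanitize_html(html)
  html = html.to_s
  out  = +''
  pos  = 0
  html.scan(TAG_RE) do
    m = Regexp.last_match
    out << escape_text(html[pos...m.begin(0)])
    out << rebuild_tag(m[1], m[2].downcase, m[3], m[4])
    pos = m.end(0)
  end
  out << escape_text(html[pos..])
end

# RedCloth already entity-encodes "&" in text, so only a "<" that did not
# form a complete tag needs escaping here.
def escape_text(text)
  text.gsub('<', '&lt;')
end

# Rebuild one tag from its parts; anything not on the allowlist (script,
# iframe, onmouseover=..., style=..., javascript: links) is dropped.
def rebuild_tag(closing, name, attr_src, self_closing)
  return '' unless ALLOWED_TAGS.include?(name)
  return "</#{name}>" unless closing.empty?
  attrs = attr_src.scan(ATTR_RE).filter_map do |key, dq, sq, bare|
    key = key.downcase
    next unless (ALLOWED_ATTRS[name] || []).include?(key)
    # Check the decoded value: "java&#115;cript:" must not slip past.
    value = CGI.unescapeHTML(dq || sq || bare).strip
    next if key == 'href' && value !~ SAFE_HREF
    %( #{key}="#{CGI.escapeHTML(value)}")
  end
  "<#{name}#{attrs.join}#{self_closing.empty? ? '' : ' /'}>"
end

# Plain-text fields (user names, subjects) never need markup: escape them whole.
def sanitize_plain_text(text)
  CGI.escapeHTML(text.to_s)
end
```

Run it on the string RedCloth returns rather than on the Textile source, so that markup RedCloth itself generates (for example links written in Textile syntax) is checked too.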