I just finished cooking up a version of acts_as_textiled that will sanitize after the RedCloth operation to guarantee well-formedness and XSS safety. I chose this approach over input-filtering like xss_terminate does because I don't like to munge the user input, and I didn't want to have to add an extra column for every textiled field in my app. The acts_as_textiled semantics prevent careless template errors, while preserving user input without any DB migrations.
I believe the approach will dovetail nicely with koz's erubis/taint-mode work scheduled for Rails 3 and backported to 2-3-stable, and I'll be looking to integrate them when the time comes. It's fully gemified, spec'ed in bacon and released to gemcutter: http://github.com/dasil003/acts_as_sanitiled