Code license: MIT License
Labels: rails, web, security, xss, ruby
People details
Project owners:
  Tomasz.Wegrzanowski

XSS Shield protects your views against cross-site scripting attacks without error-prone manual escaping with h().

Instead of:

  <h3><%= h(item.name) %></h3>
  <p><%= link_to "#{h(item.first_name)}'s stuff", :action => :view, :id => item %></p>

You will be able to write:

  <h3><%= item.name %></h3>
  <p><%= link_to "#{item.first_name}'s stuff", :action => :view, :id => item %></p>

and all your views will be automatically protected. Protection works by tagging strings you trust - which are only those escaped by h(), generated by trusted helpers (like link_to, text_area, will_paginate, etc.), or explicitly marked as trusted by you. If an untrusted string is about to be displayed in a template, it is h-escaped first.
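The following is an added illustration of the "tag what you trust, escape everything else" mechanism described above; it is not XSS Shield's own code. `TrustedString`, `mark_trusted`, `safe_link_to` and `render_value` are assumed names standing in for the plugin's tagging, marking, helper and output steps.

```ruby
require 'cgi'

# Marker class for strings that may be emitted without further escaping:
# output of h(), output of trusted helpers, or strings the developer vouched for.
class TrustedString < String
  # Joining a trusted string with an untrusted one must not launder the
  # untrusted part, so the result is only trusted when both sides are.
  def +(other)
    joined = super
    other.is_a?(TrustedString) ? TrustedString.new(joined) : String.new(joined)
  end
end

# h(): escape once and tag the result as trusted, so a second pass through
# the output step does not double-escape it.
def h(str)
  return str if str.is_a?(TrustedString)
  TrustedString.new(CGI.escapeHTML(str.to_s))
end

# Developer explicitly marks markup as trusted (assumed name, not the plugin's API).
def mark_trusted(str)
  TrustedString.new(str.to_s)
end

# A trusted helper in the style of link_to (simplified, assumed signature):
# it escapes the text and href it embeds and returns the whole tag as trusted,
# which is why "#{item.first_name}'s stuff" needs no manual h() in the view.
def safe_link_to(text, href)
  TrustedString.new(%(<a href="#{CGI.escapeHTML(href.to_s)}">#{h(text)}</a>))
end

# The output step applied to every <%= %> value: trusted strings pass
# through unchanged, anything else is h-escaped first.
def render_value(value)
  value.is_a?(TrustedString) ? value.to_s : CGI.escapeHTML(value.to_s)
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: an item name carrying a script payload.
  item_name = "<script>alert(1)</script>"
  puts render_value(item_name)                                  # escaped
  puts render_value(safe_link_to("#{item_name}'s stuff", "/items/1")) # text escaped, tag kept
  puts render_value(h(item_name) + "<b>")                       # concat with untrusted: escaped again
  puts render_value(mark_trusted("<b>bold</b>"))                # passes through
end
```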

XSS Shield supports RHTML and HAML.

To install the plugin run:

  ./script/plugin install -x http://xss-shield.googlecode.com/svn/trunk/xss-shield/
