
You'd think. Rails 3 is supposed to handle this, Haml has that setting I enabled...



There are other ways to get XSS bugs than bad HTML escaping. For example, if you redirect to a user-provided location, they can inject JavaScript and/or HTTP headers.

-----
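An added example, not part of the thread or any poster's code: one way to validate a user-supplied redirect target in Ruby before it reaches a redirect, covering the script-scheme and header-splitting cases mentioned above. The function name, host allowlist and fallback path are assumptions made for this sketch.

```ruby
require "uri"

# Hypothetical values for this example; a real app would configure its own.
ALLOWED_HOSTS = ["app.example"].freeze
FALLBACK_PATH = "/"

# Returns the target if it is safe to put in a Location header,
# otherwise returns the fallback path.
def safe_redirect_target(raw, allowed_hosts: ALLOWED_HOSTS, fallback: FALLBACK_PATH)
  target = raw.to_s
  return fallback if target.empty?

  # CR/LF can split the Location header into extra headers. Browsers also
  # strip leading whitespace/control characters and treat "\" like "/",
  # so any of these in the value is refused outright.
  return fallback if target.match?(/[\x00-\x20\x7f\\]/)

  uri = URI.parse(target)

  if uri.scheme.nil? && uri.host.nil?
    # Same-site relative target: accept only an absolute path.
    # ("//host/path" has a host, so it never reaches this branch.)
    return target.start_with?("/") ? target : fallback
  end

  # Absolute URL: only http(s), which excludes javascript:, data:, etc.
  return fallback unless %w[http https].include?(uri.scheme&.downcase)
  # Only hosts we control, and no "user@" prefix disguising the real host.
  return fallback unless allowed_hosts.include?(uri.host&.downcase)
  return fallback if uri.userinfo

  target
rescue URI::InvalidURIError
  fallback
end
```

In a Rails controller this would wrap the parameter before the redirect, e.g. `redirect_to safe_redirect_target(params[:return_to])`, where `return_to` is an assumed parameter name.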



