XSS: Welcome to 2003 (or thereabouts) [ajaxian.com]

Ajaxian mentions SafeErb for Rails, an add-on to help secure that user input is safe. It does so by checking if you explicitly call a certain method to escape the user content.

OpenACS, the base for .LRN, has been doing this for awile now. We took a different approach. All content is escaped by default, and the programmer must decide when to let through unescaped content. Either way it's something all Web frameworks should support if they allow users to enter HTML. 

posted in , ,

04:59 PM, 12 Jan 2008 by Dave Bauer Permalink

Add comment
Recent Entries
Categories

AJAX (13)
Blogging (10)
Business (4)
CCK08 (1)
Connectivism Course (1)
Facebook (5)
MEL (16)
Open Learning (8)
OpenACS / .LRN (21)
LAMS (4)
LMS / Personal Learning (9)
PostgreSQL (1)
Programming (16)
Tech (13)



Authors

Caroline Meeks (109)
Dave Bauer (40)
Deds Castillo (7)
Hamilton Chua (17)
Pauline Castillo (5)
Arnel Estanislao (3)



Archive

November 2008
September 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
May 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
April 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
April 2005
March 2005
December 2004
October 2004
June 2004
May 2004
April 2004
March 2004
February 2004
December 2003
November 2003
October 2003
September 2003
August 2003



Notifications
Icon of envelope You may request notification for Solution Grove Blog.


Syndication Feed
XML


Recent Comments
  1. Eamon Costello: thanks
  2. Dave Bauer: Using clickpass
  3. Caroline Meeks: Should we put this on Solutiongrove.com, .net, .info??
  4. Jong-Dae Park: How about redirecting users to setup password for elgg
  5. Caroline Meeks: Great job!
  6. Mark Tomizawa: Bandwidth (the human kind)
  7. Hamilton Chua: ns_zlib on OpenACS
  8. Hamilton Chua: Thanks Mark
  9. Mark Aufflick: svnmerge.py saves you the pain
  10. Hamilton Chua: Mosio, Yahoo Answers on Mobile ?



Technorati Blogs
  1. Ron Almog | רון אלמוג
  2. Solution Grove - Blog
  3. Ham is a Geek
  4. Mighty Linuxz
  5. Gadgetz Center
  6. Is it Safe or Not ?
  7. ContraFactos & Argumentos