m4dc4p wrote:
> Funny you should mention that - I just blogged about a solution very
> much like what you describe. Check it out:
> 
> http://blog.explorationage.com/articles/2006/01/25/how-to-protect-your-rails-apps-against-cross-site-scripting-attacks

Good stuff, I posted a comment on the subject. The gist of it being 
that it is probably better to make escaping the default action on all 
columns and set up a mechanism to specifically override the escaping to 
get the real value. (Yeah, you could probably get smart and not bother 
to escape non-text columns.)

_Kevin

-- 
Posted via http://www.ruby-forum.com/.
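
A sketch of the escape-by-default idea from the post above, as an added example that is not code from the thread or the linked blog article. It uses a plain Ruby class rather than ActiveRecord; `EscapedRecord`, `column`, the `_raw` accessor suffix and the `Comment` model are hypothetical names chosen for illustration.

```ruby
require 'erb'

# Hypothetical stand-in for a model base class (not ActiveRecord).
# Text columns are HTML-escaped on read; the raw value needs an explicit call.
class EscapedRecord
  TEXT_TYPES = [:string, :text].freeze

  # Declare a column and generate its accessors.
  def self.column(name, type)
    columns[name] = type
    define_method(name) { read(name) }                      # escaped by default
    define_method("#{name}_raw") { read(name, raw: true) }  # explicit override
    define_method("#{name}=") { |v| @attrs[name] = v }      # stored unmodified
  end

  def self.columns
    @columns ||= {}
  end

  def initialize(attrs = {})
    @attrs = {}
    attrs.each { |k, v| public_send("#{k}=", v) }
  end

  private

  # Escape only text columns; numbers, nil and raw reads pass through.
  def read(name, raw: false)
    value = @attrs[name]
    text = TEXT_TYPES.include?(self.class.columns[name])
    return value if raw || !text || value.nil?
    ERB::Util.html_escape(value.to_s)
  end
end

# Constructed sample model and input.
class Comment < EscapedRecord
  column :author, :string
  column :body,   :text
  column :votes,  :integer
end

def demo_comment
  Comment.new(author: 'Kevin & co', body: '<script>alert(1)</script>', votes: 3)
end
```

With this shape a template that forgets to escape still emits `&lt;script&gt;`, and every place that outputs unescaped data is greppable by the `_raw` suffix.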