jgill / xss_killer

prevents xss without h proliferation


XSS Killer

XSS Killer protects Rails apps from XSS vulnerabilities without spreading calls to h, sanitize, or taint/untaint across every view.

how it works

XSS Killer HTML-escapes ActiveRecord string and text attributes at the moment they are read from inside an HTML view. Read in any other context (controllers, the console, non-HTML templates), the model returns the original values exactly as stored in the database. Escaping happens on read rather than on write, so the database never holds pre-escaped data.

installing as a gem

In environment.rb:

config.gem "xss_killer", "0.1.0"

usage

For specific models. Attributes listed under :allow_injection are returned unescaped even inside a view, so reserve it for values you trust; attributes listed under :sanitize are sanitized rather than fully escaped:

class SomeModel < ActiveRecord::Base
  kills_xss :allow_injection => [:name], :sanitize => [:description, :body]
end

For all models:

class ActiveRecord::Base
  kills_xss
end
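The following is an added example, not code from the xss_killer gem, written to show the behaviour described under "how it works" and the :allow_injection option shown above. It stands in for ActiveRecord with a toy model class, and for Rails' view rendering with a thread-local flag (both assumptions of this example); only escaping and :allow_injection are modelled, not :sanitize.

```ruby
require 'cgi'

# Added example, not code from the xss_killer gem. It models the behaviour the
# README describes: string/text attributes come back HTML-escaped only while an
# HTML view is rendering; in any other context the stored value is returned.
module ViewContext
  # Thread-local flag standing in for "an HTML view is currently rendering".
  # (Assumption: the real gem hooks Rails' view rendering; this is a stand-in.)
  def self.rendering_html?
    Thread.current[:rendering_html_view] == true
  end

  # Run the block as if inside an HTML view, restoring the previous state after.
  def self.render_html
    previous = Thread.current[:rendering_html_view]
    Thread.current[:rendering_html_view] = true
    yield
  ensure
    Thread.current[:rendering_html_view] = previous
  end
end

# Stand-in for ActiveRecord::Base with a kills_xss class macro (hypothetical toy).
class ToyModel
  # Mirrors the README's option syntax. Only :allow_injection is modelled here;
  # attributes listed there are never escaped, so an injected payload in one of
  # them reaches the page as-is.
  def self.kills_xss(options = {})
    @allow_injection = Array(options[:allow_injection]).map(&:to_s)
  end

  def self.allow_injection
    @allow_injection || []
  end

  def initialize(attributes)
    @attributes = {}
    attributes.each { |k, v| @attributes[k.to_s] = v }
  end

  # Context-sensitive read: escape only strings, only in a view, only when the
  # attribute is not exempted.
  def read_attribute(name)
    value = @attributes[name.to_s]
    return value unless value.is_a?(String)
    return value unless ViewContext.rendering_html?
    return value if self.class.allow_injection.include?(name.to_s)
    CGI.escapeHTML(value)
  end
end

class Comment < ToyModel
  kills_xss :allow_injection => [:name]

  def name;  read_attribute(:name);  end
  def body;  read_attribute(:body);  end
  def score; read_attribute(:score); end
end

# Constructed sample record: a stored-XSS payload in body, markup in name.
SAMPLE_COMMENT = Comment.new(
  :name  => "<b>Mallory</b>",
  :body  => "<script>alert(document.cookie)</script>",
  :score => 7
)

# What an HTML template sees: the payload is neutralised as text.
def body_in_view
  ViewContext.render_html { SAMPLE_COMMENT.body }
end

# What a controller, console or JSON API sees: the raw stored value.
def body_outside_view
  SAMPLE_COMMENT.body
end

# :allow_injection bypasses escaping even in a view.
def name_in_view
  ViewContext.render_html { SAMPLE_COMMENT.name }
end

# Non-string attributes are passed through untouched.
def score_in_view
  ViewContext.render_html { SAMPLE_COMMENT.score }
end

if __FILE__ == $0
  puts body_in_view
  puts body_outside_view
  puts name_in_view
end
```

Two points worth checking in your own app follow from this: anything you put in :allow_injection is, by definition, the place where a stored payload reaches the page unchanged, and HTML entity escaping covers HTML text content only, so a value interpolated into a script block, an event-handler attribute or a URL still needs the escaping appropriate to that context.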

requirements

Rails >= 2.0

maintainer

Dan Manges

source

hosted on github

license

Released under Ruby's license
