<?xml version="1.0" encoding="utf-8"?>
<feed xml:lang="en-us" xmlns="http://www.w3.org/2005/Atom"><title>Simon Willison's Weblog: safeerb</title><link href="http://simonwillison.net/" rel="alternate"/><link href="http://simonwillison.net/tags/safeerb.atom" rel="self"/><id>http://simonwillison.net/</id><updated>2008-01-10T18:46:04+00:00</updated><author><name>Simon Willison</name></author><entry><title>Is your Rails app XSS safe?</title><link href="https://simonwillison.net/2008/Jan/10/safeerb/#atom-tag" rel="alternate"/><published>2008-01-10T18:46:04+00:00</published><updated>2008-01-10T18:46:04+00:00</updated><id>https://simonwillison.net/2008/Jan/10/safeerb/#atom-tag</id><summary type="html">
    
&lt;p&gt;&lt;strong&gt;&lt;a href="http://www.relevancellc.com/2008/1/9/is-your-rails-app-xss-safe"&gt;Is your Rails app XSS safe?&lt;/a&gt;&lt;/strong&gt;&lt;/p&gt;
SafeErb is an interesting take on auto-escaping for Rails: it throws an exception if you try to render a string that hasn’t been untainted yet.


    &lt;p&gt;Tags: &lt;a href="https://simonwillison.net/tags/rails"&gt;rails&lt;/a&gt;, &lt;a href="https://simonwillison.net/tags/ruby"&gt;ruby&lt;/a&gt;, &lt;a href="https://simonwillison.net/tags/safeerb"&gt;safeerb&lt;/a&gt;, &lt;a href="https://simonwillison.net/tags/security"&gt;security&lt;/a&gt;, &lt;a href="https://simonwillison.net/tags/xss"&gt;xss&lt;/a&gt;&lt;/p&gt;



</summary><category term="rails"/><category term="ruby"/><category term="safeerb"/><category term="security"/><category term="xss"/></entry></feed>