XSS Shield protects your views against cross-site scripting attacks without error-prone manual escaping with h().
Instead of:
:view, :id => item %>
You will be able to write:
:view, :id => item %>
and all your views will be automatically protected. Protection works by tagging the strings you trust, which are only those escaped by h(), generated by trusted helpers (like link_to, text_area, will_paginate etc.), or explicitly marked as trusted by you. If an untrusted string is to be displayed in a template, it is h-escaped first.
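The tagging model described above can be sketched in plain Ruby. This is an added illustration, not the plugin's own code: `TrustedString`, `Shield`, `mark_trusted`, `link` and `emit` are hypothetical names, and `ERB::Util.html_escape` stands in for Rails' h().

```ruby
require 'erb'

# Hypothetical marker class: a String that is already safe to emit as HTML.
class TrustedString < String
  # Appending must not smuggle raw markup into a trusted value, so the
  # right-hand operand is escaped first unless it is itself trusted.
  def +(other)
    TrustedString.new(super(Shield.h(other)))
  end
end

module Shield
  module_function

  # h(): escape and tag. Already-tagged input is returned unchanged,
  # which prevents double escaping when a view still calls h() by hand.
  def h(value)
    return value if value.is_a?(TrustedString)
    TrustedString.new(ERB::Util.html_escape(value.to_s))
  end

  # Explicit opt-in for markup the developer vouches for.
  def mark_trusted(value)
    TrustedString.new(value.to_s)
  end

  # Stand-in for a trusted helper such as link_to: the helper's own markup
  # is tagged as trusted, while caller-supplied parts are escaped.
  def link(label, href)
    mark_trusted(%(<a href="#{ERB::Util.html_escape(href)}">#{h(label)}</a>))
  end

  # What the template engine does at each output tag: anything that is
  # not tagged as trusted gets escaped on the way out.
  def emit(value)
    h(value).to_s
  end
end

if __FILE__ == $PROGRAM_NAME
  name = '<script>alert(1)</script>' # constructed untrusted input
  puts Shield.emit(name)                          # escaped automatically
  puts Shield.emit(Shield.h(name))                # escaped once, not twice
  puts Shield.emit(Shield.link(name, '/view?id=1&tab=2'))
end
```

The property to notice is that trust travels with the value, so forgetting h() in a view fails safe instead of emitting raw input.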
XSS Shield supports RHTML and HAML.
To install the plugin run:
./script/plugin install -x http://xss-shield.googlecode.com/svn/trunk/xss-shield/