Project Summary
XSS Shield protects your views against cross-site scripting attacks without error-prone manual escaping with h().
Instead of:
:view, :id => item %>
You will be able to write:
:view, :id => item %>
and all your views will be automatically protected. Protection works by tagging strings you trust - which are only those escaped by h(), generated by trusted helpers (like link_to, text_area, will_paginate etc.), or explicitly marked as trusted by you. If untrusted string is to be displayed in a template it is h-escaped first.
XSS Shield supports RHTML and HAML.
To install the plugin run:
./script/plugin install -x http://xss-shield.googlecode.com/svn/trunk/xss-shield/
In a Nutshell, xss-shield...
MIT License
Permitted
Commercial Use
Modify
Distribute
Sub-License
Private Use
Forbidden
Hold Liable
Required
Include Copyright
Include License
These details are provided for information only. No information here is legal advice and should not be used as such.
This Project has No vulnerabilities Reported Against it
Did You Know...
-
...
in 2016, 47% of companies did not have formal process in place to track OS code
-
...
learn about Open Hub updates and features on the Open Hub blog
-
...
nearly 1 in 3 companies have no process for identifying, tracking, or remediating known open source vulnerabilities
-
...
anyone with an Open Hub account can update a project's tags
