Project Summary
XSS Shield protects your views against cross-site scripting attacks without error-prone manual escaping with h().
Instead of:
:view, :id => item %>
You will be able to write:
:view, :id => item %>
and all your views will be automatically protected. Protection works by tagging strings you trust - which are only those escaped by h(), generated by trusted helpers (like link_to, text_area, will_paginate etc.), or explicitly marked as trusted by you. If untrusted string is to be displayed in a template it is h-escaped first.
XSS Shield supports RHTML and HAML.
To install the plugin run:
./script/plugin install -x http://xss-shield.googlecode.com/svn/trunk/xss-shield/
In a Nutshell, xss-shield...
MIT License
Permitted
Commercial Use
Modify
Distribute
Sub-License
Private Use
Forbidden
Hold Liable
Required
Include Copyright
Include License
These details are provided for information only. No information here is legal advice and should not be used as such.
This Project has No vulnerabilities Reported Against it
Did You Know...
-
...
use of OSS increased in 65% of companies in 2016
-
...
anyone with an Open Hub account can update a project's tags
-
...
65% of companies leverage OSS to speed application development in 2016
-
...
by exploring contributors within projects, you can view details on every commit they have made to that project
