FCKEditor with Rails Security Vulnerability


I am using FCKEditor in my Ruby on Rails Application. Users add blog posts using FCKEditor.

Then I display blog posts using

@blog.body.html_safe

I know FCKEditor escapes any JavaScript code, but what if a user posted a request with direct parameters, setting the blog post body to include some JavaScript? This may be a security vulnerability.

Any idea how I can use FCKEditor with Rails safely?


We can use a white-list HTML sanitizer to escape all tags except some formatting tags.

Sanitize
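An added example, not code from the question or the answer: a minimal allow-list sanitizer in plain Ruby that shows what "escape everything except some formatting tags" means in practice before the result is handed to `html_safe`. The tag list, attribute list and URL scheme check are constructed for this illustration; a real application should use the Sanitize gem linked above rather than a hand-rolled parser like this one.

```ruby
require "cgi"

# Constructed allow-list: tag name => attributes that may survive.
ALLOWED_TAGS = {
  "b" => [], "i" => [], "em" => [], "strong" => [], "p" => [], "br" => [],
  "a" => ["href"]
}.freeze
# Only plain web schemes, relative paths and fragments are kept on href;
# anything else (e.g. a javascript: URL) is dropped with the attribute.
SAFE_HREF = %r{\A(?:https?://|mailto:|/|#)}i

# Rebuild the attribute string of an allowed tag from its allow-list.
def safe_attrs(tag, attr_str)
  allowed = ALLOWED_TAGS[tag]
  pairs = attr_str.scan(/([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/)
  pairs.filter_map do |name, dq, sq, bare|
    name = name.downcase
    value = CGI.unescapeHTML(dq || sq || bare) # normalize before re-escaping
    next unless allowed.include?(name)
    next if name == "href" && value.strip !~ SAFE_HREF
    %( #{name}="#{CGI.escapeHTML(value)}")
  end.join
end

# Allowed tags are re-emitted from scratch; every other tag and all text
# is HTML-escaped, so unknown markup can never reach the browser as markup.
def sanitize_html(html)
  html.gsub(%r{<(/?)([a-zA-Z0-9]+)([^<>]*)>|[^<]+|<}) do |tok|
    if $2 # a tag-shaped token
      closing, tag, rest = $1, $2.downcase, $3
      if ALLOWED_TAGS.key?(tag)
        closing.empty? ? "<#{tag}#{safe_attrs(tag, rest)}>" : "</#{tag}>"
      else
        CGI.escapeHTML(tok)
      end
    else # text or a stray '<': decode entities once, then escape
      CGI.escapeHTML(CGI.unescapeHTML(tok))
    end
  end
end

# In a Rails view the sanitized string, not the raw body, is what gets marked safe:
#   sanitize_html(@blog.body).html_safe
puts sanitize_html('<p>Hi <b>there</b></p><script>alert(1)</script>')
```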