From the course: Ruby on Rails 6: Controllers and Views


Sanitization helpers


- [Instructor] In this movie, we're going to learn about sanitization helpers. We'll learn what they are and why you need them. When we talk about sanitizing content, our primary concern is to prevent something called cross-site scripting, or XSS for short. In cross-site scripting, a hacker submits a string which is constructed to make our browser do something we don't intend. It lets a hacker use JavaScript to script our site; that's why it's called cross-site scripting. There are a lot of things that a hacker could do, such as redirecting users to another web page or stealing cookies or login information. Here's a simple example. I've just defined an evil_string that's going to pop up an alert that says "Gotcha!" It's just a placeholder for any malicious JavaScript. If at any point we output that string to one of our templates, then it could put that JavaScript into the template and the browser receiving the page…
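The point the instructor is making, shown as an added example that is not code from the course: the same placeholder string rendered unescaped versus through ERB::Util.html_escape, which is the escaper behind Rails' h() helper and behind the automatic escaping of <%= %> in Rails ERB templates. It uses plain stdlib ERB (an assumption, so no Rails SafeBuffer is involved) and a constructed evil_string.

```ruby
require "erb"

# Constructed stand-in for attacker-controlled input, mirroring the transcript's evil_string.
EVIL_STRING = "<script>alert('Gotcha!');</script>"

# Unsafe: user input dropped straight into markup. The browser sees a real <script> element,
# which is exactly the cross-site scripting case described above.
def render_unescaped(comment)
  "<p>#{comment}</p>"
end

# Safe: ERB::Util.html_escape turns <, >, &, " and ' into entities, so the browser
# displays the text instead of executing it. Rails' h() helper calls this same method.
def render_escaped(comment)
  "<p>#{ERB::Util.html_escape(comment)}</p>"
end

# Same idea as an ERB template. In Rails, <%= comment %> would be escaped automatically;
# stdlib ERB does not do that, so the escape call is written out explicitly here (assumption).
TEMPLATE = ERB.new("<p><%= ERB::Util.html_escape(comment) %></p>")

def render_template(comment)
  TEMPLATE.result_with_hash(comment: comment)
end

# Defender-side check: does rendered HTML still contain an executable script element?
# Useful as a regression test on any view that interpolates user-supplied content.
def contains_script_tag?(html)
  html.match?(/<script\b/i)
end

if __FILE__ == $PROGRAM_NAME
  puts render_unescaped(EVIL_STRING)  # script survives intact
  puts render_escaped(EVIL_STRING)    # rendered as inert text
  puts contains_script_tag?(render_escaped(EVIL_STRING))
end
```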
