Created
October 28, 2016 09:31
-
-
Save dkumar431/5e01ecd1cebfb8ddcc65a6ce883fb6eb to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%#= '<script>alert("Hii")</script>' %> | |
| <!--The above will escape by default--> | |
| <%#= '<script>alert("Hii")</script>'.html_safe %> | |
| <!--The above will alert Hii because we are marking the string as safe.--> | |
| <%#= h('<script>alert("Hii")</script>') %> | |
| <!--Its same as the first one.--> | |
| <%#= raw('<script>alert("Hii")</script>') %> | |
| <!--The above will alert Hii because raw = "".to_s.html_safe--> | |
| <%= sanitize '<script>alert("Hii")</script>' %> | |
| <!--removes the script tag and prints alert("Hii") --> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment