XSS Killer protects Rails apps from XSS vulnerabilities without h, sanitize, or taint/untaint proliferation.
how it works
XSS Killer will escape ActiveRecord string and text attributes when they're being read in an html view. When reading attributes in any other context, the model will return the original values as stored in the database.
installing as a gem
config.gem "xss\_killer", "0.1.0"
For specific models:
class SomeModel < ActiveRecord::Base kills\_xss :allow_injection => [:name], :sanitize => [:description, :body] end
For all models:
class ActiveRecord::Base kills\_xss end
Rails >= 2.0
hosted on github
Released under Ruby's license