Fatfreecrm Fat Free CRM → Feature Requests

Comments and changes to this ticket

• 

  AlexP October 11th, 2009 @ 03:26 PM

  • Tag changed from “infrastructure” to “security”

  TODO

  1.Ensure that xss attacks/javascript are removed from all input data prior to db entry

  Solution::

  use white_list & sanitize_params plugins,

  Add to envionment.rb

  config.plugins = [:white_list, :sanitize_params, :all]

  then add in application_controller.rb

  before_filter :sanitize_params

  2.Ensure further validations for each model,

  validates_ inclusion_of, length, format_of etc for all fields,
  create e.g AccountValidations module + corresponding messages to be more descriptive

  3.Move to rails 2.3.4, vulnerability in version 2.3.2, detailed issue with http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on..., and other posts, relating to unicode XSS injections, patches are available for 2.3.2, unless using ruby 1.9

• 

  Rit Li October 20th, 2009 @ 10:48 AM

  rails_xss could be helpful as well: http://github.com/NZKoz/rails_xss

• 

  Mike Dvorkin January 12th, 2010 @ 08:40 PM

  • Milestone changed from “0.9.7 "Steinitz"” to “Feature Requests”

• You flagged this item as spam.
  

  Rearts zbaerves January 14th, 2022 @ 07:13 AM

  Here in this article we are going to cover XSS (Cross Site Scripting) and SQL injection. I will be talking about these from an SQL perspective but XSS could be the same. I will go through the whole online assignment writing services process of input sanitization and output cleansing, so if you would like some code to paste into your program or a real world example then here it is.