auto escaping html in Rails to protect from XSS
by Michał Kuklis on 29/07/2009

Tonight I found a plugin to auto-escape HTML in order to protect from XSS attacks. I'm not sure why Rails doesn't do it out of the box (you have to use the h() helper). Anyway, the plugin is called xss_terminate and it can be found here. The cool thing about it is that now you can forget about h().
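To make the two mechanisms concrete, here is an added example (not code from the post or from the xss_terminate plugin) that contrasts render-time output escaping, which is what Rails' h() helper does via ERB::Util.html_escape, with a hypothetical save-time filter that strips tags from a model attribute before it is stored, the general approach a plugin of this kind takes. The Comment class and strip_tags regex are constructed stand-ins, not the plugin's API.

```ruby
require 'erb'

# Output escaping: what the h() helper does in a Rails view.
# The stored data is left intact; characters are neutralised at render time.
def h(text)
  ERB::Util.html_escape(text)
end

# Input stripping: a minimal stand-in for a before_save filter that removes
# tags from string attributes before they reach the database.
# This regex is illustrative only; it is not a production-grade sanitizer.
TAG_PATTERN = /<\/?[^>]+>/

def strip_tags(text)
  text.gsub(TAG_PATTERN, '')
end

# Hypothetical model: emulates an ActiveRecord before_save callback.
class Comment
  attr_reader :body

  def initialize(body)
    @body = body
  end

  # Cleans the attribute at save time, so later renders need no escaping
  # of what was stripped here.
  def save
    @body = strip_tags(@body)
    self
  end
end

# Constructed sample input containing markup an attacker might submit.
SAMPLE = '<b>Hi</b> <script>alert(1)</script>'

# Render-time path: escape whatever is stored, every time it is shown.
def render_escaped(body)
  "<p>#{h(body)}</p>"
end

if __FILE__ == $0
  puts render_escaped(SAMPLE)          # escaped markup, shown literally
  puts Comment.new(SAMPLE).save.body   # tags removed before storage
end
```

Both paths neutralise the sample; they differ in whether the original text survives in storage, which matters when the same data is rendered in more than one context.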