Posts Tagged: xss
-
Understanding and Fixing CVE-2007-3227: The ActiveRecord to_json XSS Vulnerability
A look back at CVE-2007-3227, examining how ActiveRecord's to_json method in early Rails versions could lead to XSS vulnerabilities.
-
CWE-79, Cross-Site Scripting (XSS) in Rails: Protecting Your Views
A deep dive into Cross-Site Scripting (XSS) vulnerabilities in Ruby on Rails, focusing on how to protect your application's views from malicious user input.
-
Fixing CVE-2006-2581: Resolving Cross-Site Scripting in Legacy RWiki Installations
Learn how to fix CVE-2006-2581, a Cross-Site Scripting vulnerability in RWiki versions 2.1.0pre1 through 2.1.0, through upgrading or implementing proper HTML sanitization.
-
Fixing CVE-2023-28362: Mitigating XSS via redirect_to in Action Pack
Learn how to mitigate CVE-2023-28362, a Cross-Site Scripting (XSS) vulnerability related to the redirect_to method in Ruby on Rails Action Pack.
-
Improving Frontend Security with Strict Content Security Policies in Rails 8
Learn how to mitigate Cross-Site Scripting (XSS) and meet compliance requirements using nonce-based Strict Content Security Policies (CSP) in Rails 8.