This extension is part of the Rack::Protection project. Run gem install rack-protection to have it available.


Prevented attack: XSS

Supported browsers: all

More info: en.wikipedia.org/wiki/Cross-site_scripting


Automatically escapes Rack::Request#params so they can be embedded in HTML or JavaScript without any further issues. Calls html_safe on the escaped strings if defined, to avoid double-escaping in Rails.

Options:

escape: Which escaping modes to use. Should be a Symbol or an Array of Symbols. Available: :html (default), :javascript, :url

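A sketch of what the three escape modes do to nested request parameters, added here as an example; it is not Rack::Protection's own code. The ParamEscaper module and its JavaScript escape table are assumptions built on Ruby's standard library.

```ruby
require 'erb'

# Hypothetical stand-in for the middleware's escaping step (not the gem's code).
module ParamEscaper
  # Assumed JavaScript escape table: backslash, "</", line breaks and quotes.
  JS_ESCAPES = { '\\' => '\\\\', '</' => '<\/', "\r\n" => '\n', "\n" => '\n',
                 "\r" => '\n', '"' => '\\"', "'" => "\\'" }.freeze

  MODES = {
    html:       ->(s) { ERB::Util.html_escape(s) },
    javascript: ->(s) { s.gsub(/(\\|<\/|\r\n|[\n\r"'])/) { JS_ESCAPES[$1] } },
    url:        ->(s) { ERB::Util.url_encode(s) }
  }.freeze

  # modes: a Symbol or an Array of Symbols, like the escape option.
  # Walks nested hashes and arrays; only string values are escaped.
  def self.escape(value, modes = :html)
    modes = Array(modes)
    unknown = modes - MODES.keys
    raise ArgumentError, "unknown escaping mode(s): #{unknown.inspect}" unless unknown.empty?

    case value
    when Hash  then value.transform_values { |v| escape(v, modes) }
    when Array then value.map { |v| escape(v, modes) }
    when String
      # Modes are applied in the order given.
      out = modes.reduce(value) { |s, m| MODES[m].call(s) }
      # Mark as already escaped when the method exists, to avoid double-escaping.
      out.respond_to?(:html_safe) ? out.html_safe : out
    else
      value
    end
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample params, as a parsed query string might look.
  params = { 'q' => '<script>alert(1)</script>', 'user' => { 'name' => 'Tom & "Jerry"' } }
  p ParamEscaper.escape(params)
  p ParamEscaper.escape("</script>'x'", :javascript)
  p ParamEscaper.escape('a b&c=d', [:url])
end
```

In this sketch the :html mode leaves backslashes and line breaks untouched, so a value bound for a JavaScript string literal needs the :javascript mode.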