Fixing raw HTML error pages from Facebooker
I am using Facebooker for Facebook Connect with Rails 2.3.5 with the rails_xss plugin, which escapes HTML by default unless you use raw.
I recently started seeing exceptions that looked like this:
The top of the HTML contains a &...
XSS Vulnerability in Ruby on Rails
There is a vulnerability in the escaping code for the form helpers in
Ruby on Rails. Attackers who can inject deliberately malformed unicode
strings into the form helpers can defeat the escaping checks and inject
arbitrary HTML.
Versio...
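The advisory above only says that malformed unicode can slip past the escaping checks, and the excerpt is cut off before the affected versions. The following is an added Ruby example, not code from the advisory, from Rails, or from the Facebooker post, that shows the general property behind this bug class on a modern Ruby: an escaper whose correctness depends on the input being valid in its declared encoding fails on a string with a stray lead byte in front of `<`, while an escaper that first scrubs the input, or that works on raw bytes, still rewrites every special character. The input string, the function names, and the replacement character are assumptions made for the example.

```ruby
# Added example, not Rails code. Illustrates why HTML escaping must not
# depend on the input being valid UTF-8. Input is constructed for the demo.

HTML_ESCAPE = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;' }.freeze

# Constructed attacker input: a UTF-8 lead byte (0xC3) with no continuation
# byte, immediately followed by markup. The string is declared UTF-8 but is
# not valid UTF-8.
MALFORMED = "\xC3<script>alert(1)</script>"

# Character-mode escaper. On Ruby >= 1.9, running a regex over a string that
# is invalid in its encoding raises ArgumentError, so the caller gets an
# exception rather than escaped output. An escaper that silently skipped the
# bad sequence instead (as older, byte-sloppy engines could) would let "<"
# through unescaped; either way the input is not handled safely.
def escape_charwise(s)
  s.gsub(/[&<>"]/) { |c| HTML_ESCAPE[c] }
end

# Returns true if the character-mode escaper cannot process the input.
def charwise_fails?(s)
  escape_charwise(s)
  false
rescue ArgumentError
  true
end

# Hardened variant 1: normalise first. String#scrub replaces every invalid
# byte sequence with U+FFFD, after which the character-mode regex is safe.
def escape_scrubbed(s)
  s.scrub.gsub(/[&<>"]/) { |c| HTML_ESCAPE[c] }
end

# Hardened variant 2: escape at the byte level. Working on a binary copy with
# a byte-mode regex (/n) means a malformed multibyte sequence is just opaque
# bytes and cannot swallow the "<" that follows it. The original encoding
# label is restored afterwards; the stray byte is preserved, not hidden.
def escape_bytewise(s)
  s.b.gsub(/[&<>"]/n) { |c| HTML_ESCAPE[c] }.force_encoding(s.encoding)
end

if __FILE__ == $0
  puts "charwise escaper fails on malformed input: #{charwise_fails?(MALFORMED)}"
  puts "scrubbed:  #{escape_scrubbed(MALFORMED).inspect}"
  puts "bytewise:  #{escape_bytewise(MALFORMED).inspect}"
end
```

The practical check is the one the scrubbed and bytewise variants pass: no `<`, `>`, `&` or `"` byte survives in the output whatever bytes precede it. Of the two, scrubbing is the better default for output that will be rendered as text, since it also gives the browser a valid string; the byte-level variant is the one to reach for when the bytes must be preserved exactly.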

