
Group Chat with ActionCable: Part 6 Discussion

General • Asked by Chris Oliver

Wow! This was an amazing guide!
Is it still safe if you input <script>alert("wow");</script> in the message body??
It seems the body is raw.

Isn't that why we always want to use the controller's renderer, so that you can leave worries like this behind?

Yeah, you'll want to sanitize it. I can't cover everything in the series, so that's one you'll have to add in. Good catch, it'll be useful for anyone else following this to be aware of that.
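
The raw-body problem raised in this thread, next to an escaped version, as an added example that is not code from the screencast or from either commenter. The method names, the markup and the JSON payload shape are assumptions; it uses the standard library's `ERB::Util.html_escape` so it runs without Rails, whereas a partial rendered through Rails escapes `<%= %>` output by default.

```ruby
require "erb"
require "json"

# Constructed sample input: the message body from the question above.
SAMPLE_BODY = '<script>alert("wow");</script>'

# Hypothetical "before": the body is interpolated into markup untouched, so
# whatever a user typed is delivered to every subscriber as live HTML.
def render_message_raw(username, body)
  "<div class=\"message\"><strong>#{username}</strong> #{body}</div>"
end

# Hardened form: escape every user-controlled field (the username too, not
# only the body) before it becomes part of the markup.
def render_message_escaped(username, body)
  safe_user = ERB::Util.html_escape(username)
  safe_body = ERB::Util.html_escape(body)
  "<div class=\"message\"><strong>#{safe_user}</strong> #{safe_body}</div>"
end

# Assumed payload shape for the broadcast: JSON carrying pre-rendered HTML
# that the client inserts into the page as-is.
def broadcast_payload(username, body)
  JSON.generate({ message: render_message_escaped(username, body) })
end

if __FILE__ == $PROGRAM_NAME
  puts "raw:     #{render_message_raw('chris', SAMPLE_BODY)}"
  puts "escaped: #{render_message_escaped('chris', SAMPLE_BODY)}"
  puts "payload: #{broadcast_payload('chris', SAMPLE_BODY)}"
end
```

If the client builds the markup itself from raw fields instead of receiving rendered HTML, the same escaping has to happen on the client before the string is inserted into the DOM.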
