Skip to main content

Group Chat with ActionCable: Part 6 Discussion

General • Asked by Chris Oliver

Wow! This was an amzing guide!
Is it still safe if you input <script>alert("wow");</script> in the message body??
it seems the body is raw.

Isn't it why we always want to use controller's renderer? so that you can leave the worries like this behind?

Yeah, you'll want to sanitize it. I can't cover everything in the series, so that's one you'll have to add in. Good catch, it'll be useful for anyone else following this to be aware of that.

Login or Create An Account to join the conversation.

Subscribe to the newsletter

Join 27,623+ developers who get early access to new screencasts, articles, guides, updates, and more.

    By clicking this button, you agree to the GoRails Terms of Service and Privacy Policy.

    More of a social being? We're also on Twitter and YouTube.