Ruby on Rails Security Project

Exploring the Security of Rails and friends.

Entries from January 2008

InvalidAuthenticityToken for in_place_editing?

January 18th, 2008 · 1 Comment

The methods of the in_place_editing plugin raise InvalidAuthenticityToken errors. This happens in Rails 2.0.2 (and possibly earlier versions) because no authenticity_token is sent at all. You can apply this patch until a new version is out.
If you have something like this:
<%= in_place_editor("title", {:url => […]

Tags: Uncategorized

SafeErb for Rails 2

January 6th, 2008 · 5 Comments

Update: See this comment for how to fix problems with HelperMethods.
You might have noticed that the SafeErb plugin does not work in Rails 2 applications. That is because the plugin uses old method signatures. The author has put up a blog post (in Japanese) about a new version created by Aaron Bedra which […]

Tags: Uncategorized