diff options
| author | Arun Agrawal <arunagw@gmail.com> | 2014-08-15 15:43:21 +0200 |
|---|---|---|
| committer | Arun Agrawal <arunagw@gmail.com> | 2014-08-15 15:43:21 +0200 |
| commit | 967a2ff9989bbf36d283ee447cfcc41750e8b025 (patch) | |
| tree | 98fe61d1e3dee05d3f6fceb98197fc8e732e9b50 /guides | |
| parent | 60b2d29ee155707946dec8c0c1faf0cf7ba4aab5 (diff) | |
| download | rails-967a2ff9989bbf36d283ee447cfcc41750e8b025.tar.gz rails-967a2ff9989bbf36d283ee447cfcc41750e8b025.tar.bz2 rails-967a2ff9989bbf36d283ee447cfcc41750e8b025.zip | |
Fixed link for in_place_editor [ci skip]
closes #16512
Diffstat (limited to 'guides')
| -rw-r--r-- | guides/source/security.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/guides/source/security.md b/guides/source/security.md index ebfcc5bdd0..d27ec5423f 100644 --- a/guides/source/security.md +++ b/guides/source/security.md @@ -847,7 +847,7 @@ It is recommended to _use RedCloth in combination with a whitelist input filter_ NOTE: _The same security precautions have to be taken for Ajax actions as for "normal" ones. There is at least one exception, however: The output has to be escaped in the controller already, if the action doesn't render a view._ -If you use the [in_place_editor plugin](http://dev.rubyonrails.org/browser/plugins/in_place_editing), or actions that return a string, rather than rendering a view, _you have to escape the return value in the action_. Otherwise, if the return value contains a XSS string, the malicious code will be executed upon return to the browser. Escape any input value using the h() method. +If you use the [in_place_editor plugin](https://github.com/rails/in_place_editing), or actions that return a string, rather than rendering a view, _you have to escape the return value in the action_. Otherwise, if the return value contains a XSS string, the malicious code will be executed upon return to the browser. Escape any input value using the h() method. ### Command Line Injection |