A Single Programmer's Blog

Well, it seems I jumped the gun. In Security issue in Liquid::Template, I thought I had a found a problem with the Liquid template engine. Instead, I should have looked more closely at what I do:

The details can be found at #render on the Ruby on Rails API. Seems like it’s time for us to switch to using render :text.

I am sorry for any scare I caused. If I had run a separate test case, I’d have immediately seen I was in error, and not Liquid.

Search

I am François Beausoleil, a Ruby on Rails coder. During the day, I work on XLsuite. At night, I am interested many things. Read my biography

Tags

activerecord (4) ajax (1) amazon,sqs,aws,background processes (1) andand (1) ar (1) associations (2) authentication (1) auto_scope (1) aws (1) budgetapp (2) bug (2) callbacks (1) capistrano (2) ci (1) cliaws (3) code-generation (1) conditions (2) console (1) continuous-integration (1) continuousintegration (1) contributions (1) control (2) conversion,flash,tips (14) cookies (1) core (1) cron (1) csv (1) defensio (2) desktop (1) development (1) documentation (2) dreamhost,customer support (0) editor (1) email,html email,rails,actionmailer (4) engine (1) engines (3) error (1) events (1) exceptions (1) export (1) extensions (1) fastcgi (1) firefox,web,browser (0) fixtures (3) flash (2) functional (1) functional-testing (2) funny (1) gem (3) general (1) general,rails (5) generator (2) git (10) git,git-svn (10) git,svn,version-control,woes (11) git,version-control,ruby,library (14) git-svn (2) gutsy gibbon,ubuntu,linux (1) habtm (3) hack (1) helpers (1) hiring (1) hosting (1) humor (1) job offer (0) library (1) link (2) liquid,markup,security (2) liquid,security,markup (2) logging (1) mac (1) mendicant (1) mephisto (4) migration (1) migrations (3) money (1) montreal on rails (4) mor (2) mor,mor7,google charts (2) mor3 mor piston (25) mor9 (2) musings (1) observer (1) open source (0) opensource (1) patch (1) patterns (1) piston (23) piston,release (25) platform (1) pledgie (1) plugins (13) progress (1) quirks (1) ragan (1) rails (4) rails,deprecation,tip,trick (5) rais (1) recruitment (1) relationships (1) release (4) repository (1) routing (2) ruby (3) rubyfringe (4) rubyfringe,conference (4) rubyfringe-2008 (1) s3 (1) scgi (1) scm (8) scope (3) screencast (1) seaside (5) seaside smalltalk todo (5) security (2) serialization (2) session (2) smalltalk (4) smalltalk,rails (8) smalltalk,ruby (7) spec-testing (1) sqs,amazon,aws (1) statistics (1) sti (1) subversion (2) svn (4) tempfile (1) testing (4) tips (12) tips'n'tricks (2) todo (1) todoapp (2) tools (4) trick (1) ubuntu (1) ubuntu,linux,desktop,butsy gibbon (1) unit (2) unit-testing (8) upgrade (2) user-interface (3) version (2) version-control (2) virtualization (1) windows (3) xlsuite (1) xunit (1)

A Single Programmer's Blog

by François Beausoleil

Liquid::Template security issue: not a problem

Leave a Reply

Search

Tags

Links

Projects I work on

Categories

Archives