Consider this Rails view snippet: <%= @flat.title %>. If someone edited the flat’s title and added HTML, this Rails view would render that HTML in the security context of the application, so the browser would execute it: this is cross-site scripting (XSS).
To be fair, this no longer works in today’s Rails, but in Rails 2 you had to escape every single piece of user input yourself: <%= h(@flat.title) %>.
Nowadays Rails carries a flag on each string that marks it as HTML safe or not: @flat.title.html_safe?. If it’s unsafe (from a parameter, from the database, …) it is escaped automatically when you output it like this: <%= @flat.title %>.
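As an added illustration (not code from the original post, and not Rails’ own ActiveSupport::SafeBuffer), here is a small stand-alone Ruby model of that mechanism: an output buffer that escapes anything appended to it unless the value is flagged html_safe, alongside the Rails 2-style h() helper. It uses ERB::Util.html_escape from Ruby’s standard library; the class name SafeBuffer, the render_title function and the sample titles are assumptions made for this example.

```ruby
require 'erb'

# Simplified model of Rails' output safety, written for this page as an
# illustration; it is not ActiveSupport::SafeBuffer or ActionView's own code.
# Plain strings are "unsafe" and get escaped when appended to the output
# buffer; strings flagged with html_safe are appended verbatim.

class String
  # Every ordinary string, whether from a parameter or the database, is unsafe.
  def html_safe?
    false
  end

  # Mark a string as trusted markup (same idea as Rails' String#html_safe).
  def html_safe
    SafeBuffer.new(self)
  end
end

class SafeBuffer < String
  def html_safe?
    true
  end

  # The template output buffer: unsafe input is escaped on the way in,
  # safe input is passed through untouched.
  def <<(other)
    if other.respond_to?(:html_safe?) && other.html_safe?
      super(other)
    else
      super(ERB::Util.html_escape(other.to_s))
    end
  end
end

# Rails 2-style manual escaping helper, as in <%= h(@flat.title) %>.
def h(value)
  ERB::Util.html_escape(value.to_s)
end

# Simulates rendering the template <h1><%= title %></h1> the Rails 3+ way:
# literal template text is trusted markup, interpolated values go through <<.
def render_title(title)
  out = SafeBuffer.new
  out << '<h1>'.html_safe
  out << title
  out << '</h1>'.html_safe
  out.to_s
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample titles, as a tenant might have typed them.
  puts render_title('Nice flat')                  # <h1>Nice flat</h1>
  puts render_title('<b>Big</b> flat')            # tags escaped
  puts render_title('<b>Big</b> flat'.html_safe)  # tags kept: html_safe is a promise
  puts h('<b>Big</b> flat')                       # Rails 2 style, escaped by hand
end
```

The third call is the caveat worth remembering: calling html_safe on a string is a promise to the framework that the markup is trusted, so applying it to user-controlled data reopens exactly the hole the flag was introduced to close. The difference from the Rails 2 model is that forgetting a call now fails safe (escaped output) instead of failing open.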
How does Rails’ XSS protection work exactly?