@@ -5,7 +5,7 @@ class MainController < Ramaze::Controller end def create - Task.create( :description => request[ 'description' ] ) + Task.create( :description => h( request[ 'description' ] ) ) redirect Rs( :/ ) end src/main.rb d0c0e34371cc8ab299c288c45fa4080bccb3128b Pistos gitsomegrace.5.pistos@geoshell.com http://github.com/Pistos/ramaze-todolist-tutorial/commit/0dc42c428e9d54a80f25bb42e12a0ec47ee52b3b 0dc42c428e9d54a80f25bb42e12a0ec47ee52b3b 2008-11-19T16:29:33-08:00 2008-11-19T16:29:33-08:00 Cleanse user input with h(). 6200daa61581932914c57242d6ad289a485d1f1a Pistos gitsomegrace.5.pistos@geoshell.com