tags:

views:

16

answers:

1
Q: 

Validation of Facebook Badge in Rails form

I would like users of my Rails application to be able to submit their Facebook Badge as input in a form, but I absolutely want to to verify that what they provide is a valid Badge, not something that may compromise the security of my system (Javascript ...).

Is there a good way to validate a form field that contains a Facebook Badge?

+1  A: 

I'm not sure if you could safely develop something that would validate badges. By "safely" I mean something that wouldn't generate false negatives (or false positives) if/when Facebook happens to change their implementation of badges (as they are wont to do with many parts of their platform).

What you can do is use something like HTML Purifier to ensure that the input doesn't contain malicious tags.

Peter Bailey  2010-09-07 17:53:44
-1 Tidy doesn't prevent XSS... http://htmlpurifier.org/comparison
Basiclife  2010-09-07 17:57:31
Woah, no need to be a vote nazi about it - a simple comment is all it takes. Updated my link.
Peter Bailey  2010-09-07 18:01:02
:D Removed my -1 - And you get a +1 for the sense of humour :)
Basiclife  2010-09-08 21:48:59
Thanks Peter for both your suggestions. I will go for using their API
Christer Fernstrom  2010-09-09 11:47:08

related questions

Is there a rake task for backing up the data in your database?
How to represent cross-model information in MVC?
WYSIWYG editor gem for Rails?
Best Solution For Authentication in Ruby on Rails
Acts-as-readable Rails plugin Issue
Associating source and search keywords with account creation
Any tips on getting Rails to run with an Access back-end?
Being as DRY as possible in a Ruby on Rails App
How Do You Secure database.yml?
What IDE to use for developing in Ruby on Rails on windows?
Is Ruby On Rails ready for the Enterprise?
OpenID authentication in Ruby on Rails
Why Doesn't My Cron Job Work Properly?
Why does sqlite3-ruby-1.2.2 not work on OS X?
Ruby mixins and calling super methods
Why all the Active Record hate?
Haml: how do I set a dymanic class value?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
Ruby On Rails with Windows Vista - Best Setup?
What is good forum software to add to an existing Rails application?
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.