Great contribution, thanks :)

A couple of notes:

1. The item about URL validation overlaps a bit with the 3rd item in the Handling user input section. I suggest you combine your item about URL validation with that existing item.

2. In the item about render inline, are you sure <%= rm -rf / %> is possible? I'm not aware that the ERB interpreter can run shell commands like that without calling system, syscall, exec or something like that.
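The question raised in the second note can be settled by running the template through ERB. The following is an added example, not code from the pull request or the project under review: render_inline is a hypothetical stand-in for Rails' render inline: (it simply evaluates the template string with Ruby's stdlib ERB), and the three template fragments are constructed inputs. It shows that the bare <%= rm -rf / %> is parsed as Ruby and fails before anything reaches a shell, that a shell command does run once the injected Ruby shells out explicitly (backticks here; system, exec or Open3 would do the same), and that arbitrary Ruby evaluates either way, which is why a user-controlled template is code execution regardless of whether a shell is involved.

```ruby
require "erb"

# Hypothetical stand-in for Rails' `render inline:`: the template string itself
# is compiled to Ruby and evaluated, so whoever controls the template controls
# the code that runs in the server process.
def render_inline(template)
  ERB.new(template).result(binding)
end

# Render a fragment and report either its output or the exception class raised.
# SyntaxError is a ScriptError (not a StandardError), so both are rescued.
def probe(template)
  { output: render_inline(template), error: nil }
rescue ScriptError, StandardError => e
  { output: nil, error: e.class.name }
end

# Constructed input 1: the fragment from the review. `rm -rf /` is not a shell
# command to ERB; it is Ruby source (an undefined method / malformed expression),
# so rendering raises instead of deleting anything.
BARE_WORDS = "<%= rm -rf / %>"

# Constructed input 2: a shell command DOES run when the injected Ruby invokes
# one explicitly (backticks, system, exec, ...). This one only runs `echo`.
BACKTICKS = "<%= `echo injected`.strip %>"

# Constructed input 3: plain Ruby evaluates as well, which is the real problem
# with user-supplied templates even when no shell is ever involved.
RUBY_EXPR = "<%= [1, 2, 3].sum %>"

# Run all three probes and return the results keyed by case.
def demo
  {
    bare_words: probe(BARE_WORDS),
    backticks: probe(BACKTICKS),
    ruby: probe(RUBY_EXPR),
  }
end

if __FILE__ == $0
  demo.each { |name, result| puts "#{name}: #{result.inspect}" }
end
```

Running the file prints one line per case: the bare-words fragment yields an error class (SyntaxError or NameError depending on how the parser treats the spaces), the backtick fragment yields the string produced by echo, and the Ruby expression yields 6. The practical conclusion for the checklist is that the dangerous thing about render inline with user input is Ruby evaluation, and a shell is only one of the things that Ruby can reach.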