Simon Willison’s Weblog

Is your Rails app XSS safe? SafeErb is an interesting take on auto-escaping for Rails: it throws an exception if you try to render a string that hasn’t been untainted yet.

Posted 10th January 2008 at 6:46 pm

Recent articles

JustHTML is a fascinating example of vibe engineering in action - 14th December 2025
OpenAI are quietly adopting skills, now available in ChatGPT and Codex CLI - 12th December 2025
GPT-5.2 - 11th December 2025

rails 74 ruby 72 safeerb 1 security 569 xss 60

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe