Is there a way to toggle the security model so all output is escaped
by default, and passing <%=n (paragraph) %> when I do not want my
output escaped?
Having to add <%=h () %> currently to do it is cumbersome and prone to
mistakes.
But the question was if there was a way to modify the models, not ERB
(which is what changes Ruby to strings). And no, there isn't a Rails way
to do what you are asking, and unfortunately I don't know any plugins
that do that. I have thought about it myself a few times and if it
really bothers you I'd suggest writing a plugin for it. I'm sure it would get
much appreciation.
j
On Jul 6, 10:14 pm, Matthew R. Jacobs <rails-mailing-l…@andreas-
No, that isn’t what he asked.
He asked about “the security model” in a generic sense.
Namely, he was asking about ERB template escaping.
I imagine if you wanted to escape HTML on the model level,
you’d just want to do the following.
class Post
  def content(escape=true)
    if escape
      helper.send(:h, self[:content])
    else
      self[:content]
    end
  end
end
That worked in Rails 1.1.6.
Don't know if it still works.
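
The escape-by-default behaviour asked about in this thread, sketched as an added example (not code from any poster or from Rails). It uses only Ruby's standard ERB; `RawString`, `EscapeByDefault`, `View`, `auto_escape` and the `n` opt-out helper are hypothetical names, and the regex rewrite assumes templates without trim-mode tags.

```ruby
require "erb"

# Marker type: a string the template author has explicitly declared safe to emit raw.
class RawString < String; end

module EscapeByDefault
  # Hypothetical opt-out helper, named after the <%=n ... %> usage in the question.
  def n(value)
    RawString.new(value.to_s)
  end

  # Every <%= %> result passes through here: escape unless explicitly marked raw.
  def auto_escape(value)
    value.is_a?(RawString) ? value : ERB::Util.html_escape(value.to_s)
  end

  # Rewrite each output tag so its expression is wrapped in auto_escape.
  # Statement tags (<% %>), comments (<%# %>) and literal <%% are left alone.
  def self.compile(source)
    rewritten = source.gsub(/<%=(.*?)%>/m) { "<%= auto_escape((#{$1.strip})) %>" }
    ERB.new(rewritten)
  end
end

class View
  include EscapeByDefault

  def initialize(locals)
    locals.each { |name, value| instance_variable_set("@#{name}", value) }
  end

  def render(source)
    EscapeByDefault.compile(source).result(binding)
  end
end

# Constructed sample input: an untrusted comment and a trusted, pre-built paragraph.
TEMPLATE = "<p><%= @comment %></p>\n<%=n(@paragraph) %>\n"

def demo
  View.new(comment: "<script>alert(1)</script>", paragraph: "<em>hello</em>")
      .render(TEMPLATE)
end

puts demo if __FILE__ == $PROGRAM_NAME
```

Because `String#+` returns a plain `String`, concatenating untrusted data onto a `RawString` drops the raw marker, so the combined value is escaped again rather than emitted raw.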