I stumbled on the fact that text_area_tag does not HTML escape its
content by default. For example:
text_area_tag “body”, “”
At the very least, are we amendable to adding a note in the
FormTagHelper docs about the escaping rules?
I stumbled on the fact that text_area_tag does not HTML escape its
content by default. For example:
text_area_tag “body”, “”
At the very least, are we amendable to adding a note in the
FormTagHelper docs about the escaping rules?
On Feb 15, 8:10 pm, mla [email protected] wrote:
I found a ticket on this issue from a couple years ago from Chris M.
but it looks like it was dropped:http://dev.rubyonrails.org/ticket/5929
I’ve put up an updated ticket and patch:
Since making that first patch two years ago, the corresponding
text_area method in FormHelper now escapes its contents by default, so
I think there’s a good case for text_area_tag having the same
behaviour, for consistency’s sake if nothing else.
Chris
On Feb 15, 8:10 pm, mla [email protected] wrote:
I found a ticket on this issue from a couple years ago from Chris M.
but it looks like it was dropped:http://dev.rubyonrails.org/ticket/5929
I’ve posted a new ticket on Lighthouse with an up-to-date patch:
I also noticed that the text_area method in FormHelper actually does
escape its contents now, so text_area_tag probably should do the same
for consistency’s sake if nothing else.
Chris
This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.
Sponsor our Newsletter | Privacy Policy | Terms of Service | Remote Ruby Jobs