Does scaffolding (and in particular the show() method) do any
escaping of strings coming from the database? I did a quick check,
and it doesn’t seem to (or possibly it only escapes “dangerous” code,
and it was smart enough to see that mine was not dangerous).
A lot of the documentation for testing seems to refer to an older
configuration. Now, out of the box, it expects you to use a
transactional database and does not create all the conveniance
instance variables. I’ve only found one online resource that
discusses this (not hosted on the RoR website). Is there any
“official” documentation to the new testing setup?