I notice that a lot of HTML that should not be escaped is being escaped. It looks like Haml escaping is turned on by default in Rails 3 for XSS protection. This is obviously a good thing. Question is, for strings that are known safe (i.e. they've been passed through white_list before going into the db), will it now be required to update all the HTML with "!=" to disable escaping? Is there some easier way to handle this?
(goes without saying this is on the 3.1-beta branch) Thanks, --Hugh -- You received this message because you are subscribed to the Google Groups "CommunityEngine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/communityengine?hl=en.
