I ran into this today on a different project. The fix I am using is the "html_safe" String method. It handles the unescaping of HTML that is known to be safe.

    # unescaped version of the html_description instance variable
    content_item.html_description.html_safe
    # --> <span><i>HTML description</i></span>

Here's a blurb: Unescape HTML output in Rails 3 using html_safe: http://bit.ly/i1ya84

On Sun, Mar 13, 2011 at 2:06 PM, hewbrocca <[email protected]> wrote:
> I notice that a lot of HTML that should not be escaped is being escaped. It
> looks like Haml escaping is turned on by default in Rails 3 for XSS
> protection. This is obviously a good thing. Question is, for strings that
> are known safe (i.e. they've been passed through white_list before going
> into the db), will it now be required to update all the HTML with "!=" to
> disable escaping? Is there some easier way to handle this?
>
> (goes without saying this is on the 3.1-beta branch)
>
> Thanks,
> --Hugh
>
> --
> You received this message because you are subscribed to the Google Groups
> "CommunityEngine" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to
> [email protected].
> For more options, visit this group at
> http://groups.google.com/group/communityengine?hl=en.
>
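
The following is an added example, not part of the original messages and not Rails' own code: a simplified plain-Ruby model of the Rails 3 escaping behaviour discussed in this thread, showing that marking a string safe only sets a flag and sanitizes nothing. TrustedHtml, mark_html_safe and render_value are hypothetical stand-ins for ActiveSupport::SafeBuffer, String#html_safe and a Haml "=" output, and the sample strings are constructed.

```ruby
require "erb"

# Simplified model of Rails 3 output escaping (an assumption for this example,
# not Rails' own code). TrustedHtml plays the role of ActiveSupport::SafeBuffer.
class TrustedHtml < String
  # Appending escapes anything not already flagged, as SafeBuffer does.
  def +(other)
    TrustedHtml.new(to_s + escape_unless_trusted(other))
  end
end

def escape_unless_trusted(value)
  value.is_a?(TrustedHtml) ? value.to_s : ERB::Util.html_escape(value.to_s)
end

# Hypothetical stand-in for String#html_safe: sets the flag, changes no bytes.
def mark_html_safe(str)
  TrustedHtml.new(str)
end

# Hypothetical stand-in for a Haml "=" (or ERB "<%= %>") output expression.
def render_value(value)
  escape_unless_trusted(value)
end

# Constructed sample values.
STORED_DESCRIPTION = "<span><i>HTML description</i></span>" # sanitized before saving
USER_COMMENT = "<script>alert(1)</script>"                  # never sanitized

def demo
  {
    # Default behaviour: markup is escaped, which is what the thread observed.
    default: render_value(STORED_DESCRIPTION),
    # Flagged as safe: emitted verbatim, so it must already be sanitized.
    marked: render_value(mark_html_safe(STORED_DESCRIPTION)),
    # Flagging after interpolation also trusts the untrusted part.
    interpolated: render_value(mark_html_safe("<p>#{USER_COMMENT}</p>")),
    # Flagging only the fixed markup keeps the untrusted part escaped.
    concatenated: render_value(mark_html_safe("<p>") + USER_COMMENT + mark_html_safe("</p>"))
  }
end

demo.each { |name, html| puts "#{name}: #{html}" }
```

The "interpolated" case is the one to look for in review: the flag is applied after untrusted text was mixed in, so that text is emitted unescaped.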
