On Thu, 15 Nov 2007 09:04:47 -0500, Russell Norris wrote:
> try h(content_tag(:div, "Foo")) then. and see why you might not want
> to assume everything should be html escaped.
>
> RSL

No, that's why I said a special operator, and not a method. I know that if you tried to escape some content that you would get undesirable results. So the HAML engine would see .notes= and escape the content that's output there, vs seeing something like .somehtml=* and not escape it. Whatever the =<symbol> is doesn't matter. The idea there being something that would be otherwise invalid Ruby syntax which would not conflict with existing code following '=' operators, since this could conceivably be an optional piece of functionality.

The HAML engine would see a '=' and peek ahead one char; if it formed =<symbol> then it doesn't escape, otherwise it wraps the output in h().

Some may still say, well, why not just =h and be done with it, and again the point is that that's not secure by default. '=' being the shortest character sequence required for output would be the most secure.

Steve
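
The peek-ahead rule from the message above, sketched in Ruby as an added example (it is not Haml's code and not part of the thread). `render_line`, `View`, the `*` marker and the sample strings are assumptions made for illustration, and `content_tag` is a stand-in for the Rails helper.

```ruby
require "erb"

RAW_MARKER = "*" # assumed symbol; the message says the exact one does not matter

# Hypothetical view object holding the data a template can reach.
class View
  attr_reader :note

  def initialize(note)
    @note = note
  end

  # Stand-in for the Rails helper: returns markup that is already safe.
  def content_tag(name, text)
    "<#{name}>#{ERB::Util.html_escape(text)}</#{name}>"
  end
end

# Renders one simplified line: ".class= expr" (escaped) or ".class=* expr" (raw).
# Only this one line shape is handled; it is not Haml's parser.
def render_line(line, view)
  m = /\A\.(?<klass>[\w-]+)=(?<rest>.*)\z/.match(line)
  raise ArgumentError, "unsupported line: #{line.inspect}" unless m

  rest = m[:rest]
  raw = rest.start_with?(RAW_MARKER)      # peek one char past '='
  expr = raw ? rest[1..-1] : rest
  value = view.instance_eval(expr).to_s   # template code is author-written
  value = ERB::Util.html_escape(value) unless raw # same escaping as h()
  %(<div class="#{m[:klass]}">#{value}</div>)
end

if __FILE__ == $PROGRAM_NAME
  view = View.new("<b>hi</b> & bye") # constructed sample of untrusted text
  puts render_line(".notes= note", view)
  puts render_line('.somehtml=* content_tag(:div, "Foo")', view)
  puts render_line('.somehtml= content_tag(:div, "Foo")', view)
end
```

The third call shows the case raised in the quoted reply: helper output passed through plain `=` comes out escaped, which is what the opt-out marker is for.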
