I've been thinking about the best way to do this integration. I'll definitely have a look at your fork when I get a chance.
On Sat, Oct 10, 2009 at 11:48 AM, Bruno Michel <[email protected]> wrote: > > Hi, > > the future releases of Rails, 2.3.5 and 3.0, will mark string as > html_safe if they can be outputted safely. You can see the details about > that on this commit for the 2.3 branch: > > http://github.com/rails/rails/commit/80da8eb43dfabb4ca9f0adcb431882d03e6388bb > . > > The idea behind this change is to have an on-by-default XSS escaping in > Rails. RailsXss (http://github.com/nzkoz/rails_xss) is a plugin for > Rails 2.3 that brings this safety by using erubis. > > Haml has a already an option for automatically escaping HTML strings, > but it can be improved by not escaping strings that are already marked > as html_safe. > > For example, the following line should output a link: > Click on #{link_to 'this link', '/this-link'} > If the auto-escaping is enabled, haml will escape it, but Rails marks > the result of link_to as safe, so haml should not escape it. > > I've tried to modify the code of haml, but I'm not very confident in my > changes, so a code review is welcomed. > > The changes are on github: http://github.com/nono/haml/tree/rails_xss. > > ++ > Bruno > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Haml" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/haml?hl=en -~----------~----~----~----~------~----~------~--~---
