All I have so far are models set up... so I'd say that's pretty minimal. Would you like to take a look at this, or do I need to pare it down further?
On Jun 24, 2:53 pm, Bryan Larsen <[email protected]> wrote: > It's certainly possible that this is a bug in the Hobo taglibs, we may > have missed a spot when adding Hobo XSS support. If you can generate > the bug on a minimal Hobo app, we'd love to take a look. > > Bryan > > > > > > > > On Fri, Jun 24, 2011 at 2:50 PM, ylluminate <[email protected]> wrote: > > Interestingly I am building an app presently and in the stock > > generated links I'm seeing an anomaly. For example, I added some > > counties who are parents of cities. Upon adding a new city, it > > selected the county appropriately, but emitted the escaped html: > > Screenshot:http://bit.ly/jIFY87 > > Code: <span class="county-tag view city-county model::county:1"><a > > class="county-link" href="/counties/1- > > jackson"><span class="view county-name > > ">Jackson</span></a></span> > > > I've not modified anything in the controllers or views so far. > > > On Jun 23, 8:12 am, Bryan Larsen <[email protected]> wrote: > >> You've run afoul of Rails cross-site scripting protection (XSS). > > >> Every part of a string has to be marked as html_safe, if there's just > >> one part that isn't, you get the behavior you've noticed. > > >> <a><%= "John Smith".html_safe %></a> > > >> I assume you're using Hobo 1.3 with Rails 3. > > >> If you're using Hobo 1.0 with Rails 2.3, turn off XSS protection, > >> because Hobo 1.0 doesn't support it. > > >> Bryan > > >> On Thu, Jun 23, 2011 at 2:41 AM, Jim Harvey <[email protected]> wrote: > >> > I'm having a problem with my links not being recognized as HTML. For > >> > example, in a table displaying all users, instead of the name with a > >> > link to the user's profile I see: > > >> > <a class="user-link" href="/admin/users/1-john-smith"><span > >> > class="view user-name">John Smith</span></a> > > >> > on the page. > > >> > As far as I know I haven't overwritten any of the standard Rapid tags > >> > that would apply in this situation. There is nothing in > >> > application.dryml or /admin/users/index.dryml that changes the default > >> > behavior. Does anyone have any clues as to where I can look to see why > >> > this escaping is going on? I know that I can overwrite it with a link > >> > but the above example is not the only place this is happening so I > >> > want to root out the cause rather than introduce an unknown number of > >> > patches. Thanks for any help you can give! > > >> > Jim > > >> > -- > >> > You received this message because you are subscribed to the Google > >> > Groups "Hobo Users" group. > >> > To post to this group, send email to [email protected]. > >> > To unsubscribe from this group, send email to > >> > [email protected]. > >> > For more options, visit this group > >> > athttp://groups.google.com/group/hobousers?hl=en. > > > -- > > You received this message because you are subscribed to the Google Groups > > "Hobo Users" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group > > athttp://groups.google.com/group/hobousers?hl=en. -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
