I was just reading a blog post, about how PHP applications lack so much as far as security goes, and it got me thinking that Rails should come default secure, and you should have to force it to be less secure.
On that note, I came up with the idea of having <%= default to use the XSS safe (or soon to be) h method. So, <%=h var %> and <%= var %> are really the same. Any thoughts? -Nb ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Nathaniel S. H. Brown http://nshb.net ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ _______________________________________________ Rails-core mailing list Rails-core@lists.rubyonrails.org http://lists.rubyonrails.org/mailman/listinfo/rails-core
