All of those helper functions would obviously need to be changed so that they work with the default <%=h methods. The <%= tag could be smart enough to realize what it is parsing, and if it's a helper method, to skip it.
It's an abstract idea. If it's worth investigating, we can look at how to implement it, on a more specific level. Especially what implications it has, as you have mentioned. As far as I am concerned, these are minor details which can be ironed out with a bit of creativity.

-Nb

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Nathaniel S. H. Brown http://nshb.net
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Tobias Luetke
> Sent: February 11, 2006 9:04 PM
> To: [email protected]
> Subject: Re: [Rails-core] Default <%= to use the h (html safe) method.
>
> huh? that would break url_for, link_to, textilize, markdown
> and every single other helper which outputs html tags. I use
> the h helper in like 3 different places in shopify, that's
> definitely the exception.
>
> > On that note, I came up with the idea of having <%= default to use the
> > XSS safe (or soon to be) h method.
>
> --
> Tobi
> http://shopify.com - modern e-commerce software
> http://typo.leetsoft.com - Open source weblog engine
> http://blog.leetsoft.com - Technical weblog
> _______________________________________________
> Rails-core mailing list
> [email protected]
> http://lists.rubyonrails.org/mailman/listinfo/rails-core
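The idea discussed in this thread (escape by default in `<%=`, but skip output that comes from a helper), sketched in plain Ruby as an added example that is not code from the thread or from Rails. `SafeHtml`, `emit`, `toy_link_to` and `render` are hypothetical names; `ERB::Util.html_escape` is the standard library method behind `h`.

```ruby
require "erb"

# Hypothetical marker type: a String that a helper has already made HTML-safe.
class SafeHtml < String; end

# What an escape-by-default <%= would do with each value it outputs:
# escape plain strings, pass helper output (SafeHtml) through untouched.
def emit(value)
  value.is_a?(SafeHtml) ? value.to_s : ERB::Util.html_escape(value.to_s)
end

# Toy stand-in for a tag-producing helper such as link_to. It escapes its own
# arguments, then marks the finished markup safe so emit() does not escape
# the tags a second time.
def toy_link_to(text, href)
  escaped_href = ERB::Util.html_escape(href)
  escaped_text = ERB::Util.html_escape(text)
  SafeHtml.new(%(<a href="#{escaped_href}">#{escaped_text}</a>))
end

# Mimics the template "<p><%= comment %></p><%= link_to(name, url) %>":
# literal markup is concatenated as-is, every value goes through emit().
def render(comment, name, url)
  "<p>" + emit(comment) + "</p>" + emit(toy_link_to(name, url))
end

# Constructed sample input: an untrusted comment and display name.
COMMENT = %(<script>alert(1)</script>)
NAME    = %(Tom & "Jerry")
URL     = "/users/1?a=1&b=2"

puts render(COMMENT, NAME, URL)
# A plain String that merely looks like helper output is still escaped,
# because only the marker type is trusted:
puts emit(%(<a href="/">home</a>))
```

The helper's tags survive while the untrusted comment and name are neutralized, which addresses the objection that default escaping would break every helper that outputs HTML; the cost is that each such helper has to escape its own arguments before marking its result safe.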
