By escaping the HTML your customers input you potentially disable a lot of cool features.
For example we use HTML to make links in todo list items in Basecamp all the time. Couldn't do that if it was escaped.

On 2/12/06, Francois Beausoleil <[EMAIL PROTECTED]> wrote:
> Am I reading this right? 3 places? I use it on every list screen I
> have. I don't trust the admin interfaces any more than I would trust a
> public comments form. So, I even HTML escape product names and codes.

--
Tobi
http://shopify.com - modern e-commerce software
http://typo.leetsoft.com - Open source weblog engine
http://blog.leetsoft.com - Technical weblog

_______________________________________________
Rails-core mailing list
Rails-core@lists.rubyonrails.org
http://lists.rubyonrails.org/mailman/listinfo/rails-core
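The two positions in this exchange (escape every field vs. keep links working in todo items) are not mutually exclusive. As an added example that is not code from the thread, from Rails or from Basecamp, here is a small Ruby filter that escapes everything by default and lets only a strict allowlist through: `<a href="...">` with an http/https URL and its matching `</a>`. The module name `LinkOnlyHtml` and its patterns are assumptions for illustration.

```ruby
require 'cgi'
require 'uri'

# Added example (not from the thread): escape all user-supplied HTML, but let a
# strict allowlist survive so links in list items still render. Anything that is
# not exactly <a href="http(s)://..."> or a matching </a> is emitted as escaped text,
# so scripts, event-handler attributes and javascript: URLs all come out inert.
module LinkOnlyHtml
  OPEN_A  = /\A<a\s+href="([^"<>]*)"\s*>\z/i   # exactly one attribute, no extras
  CLOSE_A = %r{\A</a\s*>\z}i
  SAFE_SCHEMES = %w[http https].freeze

  # True only for absolute http/https URLs that URI can parse.
  def self.safe_href?(href)
    uri = URI.parse(href)
    uri.is_a?(URI::HTTP) && SAFE_SCHEMES.include?(uri.scheme.downcase)
  rescue URI::InvalidURIError
    false
  end

  # Returns HTML that is safe to insert into a page: every token is escaped
  # except allowlisted anchor tags, and a closing </a> is only passed through
  # when an allowlisted <a> is actually open.
  def self.render(input)
    open_links = 0
    input.split(/(<[^>]*>)/).map do |tok|
      if (m = OPEN_A.match(tok)) && safe_href?(m[1])
        open_links += 1
        %(<a href="#{CGI.escapeHTML(m[1])}">)
      elsif CLOSE_A.match?(tok) && open_links > 0
        open_links -= 1
        '</a>'
      else
        CGI.escapeHTML(tok)
      end
    end.join
  end
end
```

Product names and codes (the fields Francois mentions) would go through the same `render`, since plain text never matches the allowlist and is simply escaped.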