2006/2/12, Tobias Luetke <[EMAIL PROTECTED]>:
> By escaping the html your customers input you potentially disable a
> lot of cool features.
>
> For example we use html to make links in todo list items in basecamp
> all the time. Couldn't do that if it was escaped.
Isn't Textile quite suited to this sort of task ? Wouldn't it be safer ?

I don't personally use Basecamp, but if I remember correctly, many people view the pages, so what prevents a bad user from doing:

<a href="some link" onclick="do potentially bad thing here">Click me !</a>

???

Thanks !
--
François Beausoleil
http://blog.teksol.info/
_______________________________________________
Rails-core mailing list
Rails-core@lists.rubyonrails.org
http://lists.rubyonrails.org/mailman/listinfo/rails-core
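A middle ground between escaping everything and trusting raw HTML, as an added Ruby example that is not Basecamp's or Rails' own code: an allow-list that keeps `<a href>` links (the todo-item use case above) but drops every other attribute such as `onclick`, rejects non-http/https/mailto schemes, and escapes all other markup. The allowed scheme list and the helper names are assumptions for this example.

```ruby
require 'cgi'

# Allow-list sanitizer for the "links in todo items" case: keep <a> tags
# whose href uses an acceptable scheme, drop every other attribute
# (onclick, onmouseover, style, ...), and escape all other markup so it
# renders as literal text. Constructed example, not Basecamp's code.
ALLOWED_SCHEMES = %w[http https mailto].freeze
TAG = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/

# Return the href from an attribute string if it is acceptable, else nil.
def safe_href(attrs)
  m = attrs.match(/\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i)
  return nil unless m
  href = (m[1] || m[2] || m[3]).strip
  # Browsers ignore control characters and whitespace inside a scheme
  # ("java\tscript:"), so strip them before looking at the scheme.
  scheme = href.gsub(/[\x00-\x20]/, '')[/\A([a-z][a-z0-9+.\-]*):/i, 1]
  return href if scheme.nil?                      # relative URL, no scheme to abuse
  ALLOWED_SCHEMES.include?(scheme.downcase) ? href : nil
end

# Rewrite user-supplied HTML so that only safe <a href> links survive.
def sanitize_links(html)
  out = +''
  pos = 0
  html.scan(TAG) do
    m = Regexp.last_match
    out << CGI.escapeHTML(html[pos...m.begin(0)])  # text between tags
    closing, tag, attrs = m[1], m[2], m[3]
    if tag.casecmp('a').zero?
      if closing == '/'
        out << '</a>'
      else
        href = safe_href(attrs)
        # Rejected links keep a bare <a> so open/close tags stay balanced.
        out << (href ? %(<a href="#{CGI.escapeHTML(href)}">) : '<a>')
      end
    else
      out << CGI.escapeHTML(m[0])                  # any other tag becomes text
    end
    pos = m.end(0)
  end
  out << CGI.escapeHTML(html[pos..-1])
end

if __FILE__ == $PROGRAM_NAME
  # The input from the thread: a link carrying an onclick handler.
  puts sanitize_links('<a href="some link" onclick="do potentially bad thing here">Click me !</a>')
end
```

The link survives with its href, the event handler is gone, and anything that is not an anchor is shown as text rather than interpreted by the browser.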