On 12.2.2006, at 19.18, Francois Beausoleil wrote:
> 2006/2/12, Tobias Luetke <[EMAIL PROTECTED]>:
>> By escaping the html your customers input you potentially disable a
>> lot of cool features.
>> For example we use html to make links in todo list items in basecamp
>> all the time. Couldn't do that if it was escaped.
>
> Isn't Textile quite suited to this sort of task? Wouldn't it be
> safer?

Textile gets interpreted to html in the input phase in all but the
most trivial applications. After that, you can't use the h version
anymore, because the stuff displayed is stored as html. So we're now
talking about output while textile is mainly relevant in input.
Besides, you can use html tags in default textile, too.
//jarkko
--
Jarkko Laine
http://jlaine.net
http://odesign.fi
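
Added example, not part of the original message: a Ruby sketch of the pipeline described above, showing that raw HTML survives conversion at input, that `h` at output then escapes the stored markup as well, and one option (an assumption of this example, not something proposed in the thread) of escaping before conversion. `mini_textile` is a hypothetical stand-in for a real Textile processor and the sample input is constructed.

```ruby
require 'erb'

# Hypothetical stand-in for a Textile processor: handles only *bold* and
# "text":url links. Like default Textile, it leaves raw HTML untouched.
# link_quote is the quote token to look for (it differs once input is escaped).
def mini_textile(text, link_quote: '"')
  q = Regexp.escape(link_quote)
  text.gsub(/\*(.+?)\*/) { "<strong>#{$1}</strong>" }
      .gsub(%r{#{q}(.+?)#{q}:(https?://\S+)}) { %(<a href="#{$2}">#{$1}</a>) }
end

# Input phase as described in the message: markup becomes HTML and is stored.
def store_as_html(input)
  mini_textile(input)
end

# Output phase with the h helper (ERB::Util.h): escapes everything,
# including the markup the converter generated.
def render_with_h(stored_html)
  ERB::Util.h(stored_html)
end

# Assumed alternative: escape the user's text first, then convert, so only
# converter-generated tags (and http/https links) reach the stored HTML.
def store_escaped_then_html(input)
  mini_textile(ERB::Util.h(input), link_quote: '&quot;')
end

# Constructed sample input: Textile markup plus a raw HTML tag.
SAMPLE = %q(*Read* "the spec":http://example.com/spec <script>alert(1)</script>)

if __FILE__ == $PROGRAM_NAME
  stored = store_as_html(SAMPLE)
  puts "stored at input:   #{stored}"
  puts "h() at output:     #{render_with_h(stored)}"
  puts "escape, then HTML: #{store_escaped_then_html(SAMPLE)}"
end
```
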