I haven't personally suffered the agony of magic quotes, but the problem seems to have been that it didn't unescape well and that it would break methods that were not expecting escaped text.
My contention is that those methods were already broken because they were unsecure and/or couldn't handle escaped text. Using the autoescaping features just made it obvious.

I also agree with David that this particular technology is well suited to a plugin. In fact there already is a plugin that almost does the job (except that you have to turn on the security instead of turning it off).

I suppose it would also be good practice to write unit tests that feed methods escaped vs. unescaped input to make sure your code is robust.

_Kevin

On Tuesday, February 14, 2006, at 9:22 PM, Kyle Maxwell wrote:
>I can't help but think that by Rails 2.0, we'll think of this
>potential "feature" the same way as the PHP community thinks of magic
>quotes.
>
>-kyle
>
>_______________________________________________
>Rails-core mailing list
>Rails-core@lists.rubyonrails.org
>http://lists.rubyonrails.org/mailman/listinfo/rails-core
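
The kind of test suggested in the message above, as an added example that is not part of the original thread or of Rails: one helper that escapes unconditionally and one that tracks already-escaped text are each fed the same value raw and pre-escaped. `SafeString`, `h`, `render_naive`, `render_aware` and `check` are hypothetical names chosen for this sketch, and the sample input is constructed.

```ruby
# Added example, not code from the thread and not Rails' API.
# All names below are hypothetical.
HTML_ESCAPES = { '&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                 '"' => '&quot;', "'" => '&#39;' }.freeze

# Marker type: text that has already been HTML-escaped.
class SafeString < String; end

# Escape once: leave marked text alone, escape and mark everything else.
def h(text)
  return text if text.is_a?(SafeString)
  SafeString.new(text.to_s.gsub(/[&<>"']/, HTML_ESCAPES))
end

# Escapes unconditionally, so input that arrives already escaped
# (for example from an auto-escaping layer) gets escaped a second time.
def render_naive(name)
  "<b>" + name.to_s.gsub(/[&<>"']/, HTML_ESCAPES) + "</b>"
end

# Escape-aware: relies on the marker to avoid double escaping.
def render_aware(name)
  "<b>#{h(name)}</b>"
end

# Feed the helper the same value raw and pre-escaped; both calls must
# produce the same, singly escaped markup.
def check(helper)
  raw      = %q{Tom & "Jerry" <script>}   # constructed sample input
  escaped  = h(raw)
  expected = '<b>Tom &amp; &quot;Jerry&quot; &lt;script&gt;</b>'
  { raw: send(helper, raw) == expected,
    escaped: send(helper, escaped) == expected }
end

if __FILE__ == $PROGRAM_NAME
  p naive: check(:render_naive), aware: check(:render_aware)
end
```

The unconditional helper passes on raw input and fails on pre-escaped input (`&amp;` becomes `&amp;amp;`), which is the breakage the thread attributes to methods that do not expect escaped text.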