On 2/15/06, Nathaniel S. H. Brown <[EMAIL PROTECTED]> wrote:
> I really like the idea of acts_as_secure/unescaped, especially with the
> method missing catch as you have mentioned.
This is a bad idea. It assumes data from ActiveRecord models is only ever displayed on the web. This ignores email templates, logging, etc. from within web apps, not to mention applications using ActiveRecord outside the web.

The issue is in output from ERb HTML templates; that's where it should be solved. Any solution shouldn't affect non-web apps, or even web apps using other templating engines.

As for how it's solved, I agree with the principle of security as default, but also that there should be no breaking changes before 2.0. If we enhance ERb, making <%= safe and <%~ dangerous output, the behaviour should be configured by a flag, defaulting to off before 2.0 and on after. Perhaps it would also be OK if freshly generated Rails apps had the flag set to true in environment.rb before 2.0. I'm not sure.

Finally, I think I prefer <%!= for dangerous output, but does that look too much like not-equal?

Tom
--
nick: tomafro
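An added illustration of the flagged scheme sketched in Tom's message, written for this page and not code from the list thread or from Rails: a thin wrapper around Ruby's ERB in which `<%=` escapes HTML when a flag is on and `<%!=` always emits raw output. The class name `EscapingERB`, the `escape_by_default` keyword and the tag-rewriting approach are assumptions made for the example.

```ruby
require 'erb'
require 'cgi'

# Hypothetical wrapper (not Rails' implementation): rewrites output tags before
# handing the template to the standard ERB engine.
class EscapingERB
  # group 1: "!" marks the dangerous (raw) tag; group 2: the Ruby expression
  TAG = /<%(!?)=(.*?)%>/m

  # escape_by_default mirrors the proposed flag: false reproduces the pre-2.0
  # behaviour (every tag is raw), true makes <%= escape and leaves <%!= raw.
  def initialize(template, escape_by_default: false)
    rewritten = template.gsub(TAG) do
      raw  = ($1 == '!')
      expr = $2
      if escape_by_default && !raw
        "<%= CGI.escapeHTML((#{expr}).to_s) %>"   # safe by default
      else
        "<%= (#{expr}).to_s %>"                   # raw: legacy mode or explicit <%!=
      end
    end
    @erb = ERB.new(rewritten)
  end

  # Expose the locals as methods on a throwaway object so the template can
  # reference them by name, then evaluate the rewritten template.
  def render(locals = {})
    ctx = Object.new
    locals.each { |name, value| ctx.define_singleton_method(name) { value } }
    @erb.result(ctx.instance_eval { binding })
  end
end

# Constructed sample: user-supplied comment body next to trusted markup.
def demo
  template = 'Comment: <%= body %> | trusted: <%!= markup %>'
  locals   = { body: '<script>alert(1)</script>', markup: '<b>ok</b>' }
  {
    legacy: EscapingERB.new(template).render(locals),
    secure: EscapingERB.new(template, escape_by_default: true).render(locals)
  }
end
```

In legacy mode both tags pass the script through untouched; with the flag on, only `<%!=` does, so the dangerous choice has to be made explicitly per tag.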
Rails-core mailing list
Rails-core@lists.rubyonrails.org
http://lists.rubyonrails.org/mailman/listinfo/rails-core