I have set up a rubyforge project called 'autoescape' that includes a quick plugin that implements the ability to automatically escape text columns from the database. If you feel adventurous, all you need to do is drop it in your plugin directory.

http://rubyforge.org/projects/autoescape/
or
svn://rubyforge.org//var/svn/autoescape

If you wish to get the raw attribute text, simply use 'attribute_raw'. You can also make a column raw by default by declaring 'acts_as_raw :column' in the model definition.

There are some important limitations to note. Most importantly, it uses the ActiveRecord after_find callback. This means that if you are using this callback already, you will need to call super in your callback routine somewhere or it will not run at all. There is also room for some performance enhancements as well. However, it does work on Rails 1.0 (not tested on edge yet).

It may also cause unexpected behavior in forms because the form fields will be populated with 'escaped' text by default.

This release is intended to be a proof-of-concept version. The goal is to see if it is useful, causes all sorts of unexpected problems, or both.

Suggestions for improving the code are welcome.

_Kevin

On Wednesday, February 15, 2006, at 6:40 PM, Kevin Olbrich wrote:
>Yeah, I'm fiddling with this now.
>Turns out to be a bit trickier than I thought, but should be doable.
>
>_Kevin
>
>On Wednesday, February 15, 2006, at 12:31 PM, David Heinemeier
>Hansson wrote:
>>I think the time has come for less talk and more code. Make a plugin
>>that implements this. Use it for a month. If you still like it and
>>find the trade-offs to be reasonable, ask other people to give it a
>>swing. Once there's a critical mass of acceptance, let's discuss how
>>we can use those learnings to possibly improve the default approach in
>>Rails.
>>--
>>David Heinemeier Hansson
>>http://www.loudthinking.com -- Broadcasting Brain
>>http://www.basecamphq.com -- Online project management
>>http://www.backpackit.com -- Personal information manager
>>http://www.rubyonrails.com -- Web-application framework
>>_______________________________________________
>>Rails-core mailing list
>>[email protected]
>>http://lists.rubyonrails.org/mailman/listinfo/rails-core
>
>--
>Posted with http://DevLists.com. Sign up and save your time!
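
A minimal model of the mechanism described in the message above, added here as an illustration and not taken from the autoescape plugin or written by its author. `Model`, `Comment`, `Broken` and the sample row are constructed, and `attribute_raw(name)` is an assumed reading of the 'attribute_raw' accessor; the block shows escaping in an after_find hook, a column declared with acts_as_raw, and a subclass that overrides after_find without calling super.

```ruby
require 'cgi'
# Constructed stand-in for an ActiveRecord model (hypothetical, not the plugin).
class Model
  def self.raw_columns
    @raw_columns ||= []
  end

  # Mirrors the 'acts_as_raw :column' declaration described in the message.
  def self.acts_as_raw(*cols)
    raw_columns.concat(cols.map(&:to_s))
  end

  # Simulated finder: load the row, then fire the after_find callback.
  def self.find(row)
    new(row).tap(&:after_find)
  end

  def initialize(row)
    @raw = row.dup         # untouched database values
    @attributes = row.dup  # values handed to views
  end

  # Escape every string column that was not declared raw.
  def after_find
    @attributes = @attributes.to_h do |name, value|
      escape = value.is_a?(String) && !self.class.raw_columns.include?(name)
      [name, escape ? CGI.escapeHTML(value) : value]
    end
  end

  def [](name)
    @attributes[name.to_s]
  end

  # Assumed reading of 'attribute_raw': the unescaped column value.
  def attribute_raw(name)
    @raw[name.to_s]
  end
end

class Comment < Model
  acts_as_raw :body_html
end

# Overrides after_find without calling super, so the escaping hook never runs.
class Broken < Model
  def after_find; end
end

# Constructed sample row.
ROW = { 'title' => '<b>Tom & Jerry</b>', 'body_html' => '<p>ok</p>', 'votes' => 3 }.freeze
```

Feeding an already escaped value back through `find`, as a form that was populated with escaped text and then saved would, escapes it a second time.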
