On 10 Nov 2008, at 22:12, Mario Peterscheck wrote:
> Hi,
>
> what about writing <%= h(@foo) %> in the view? I heard it's necessary
> for every information out of the database, I just couldn't find any
> information 'bout that?
>

That escapes the text, i.e. < becomes &lt; and so on. If users are just
inputting raw text this prevents against them using characters which have
special significance whether malicious (users trying to insert funny tags
into the page) or not (users don't have to know about writing &amp; instead
of &)

> ... and what about writing -%> ? What's that for? In which situation?
>

That's to do with suppressing the empty lines you would otherwise get in
the output for stuff like <% if ... %> ... <% end %>

> Greetings
> Mario
> --
> Posted via http://www.ruby-forum.com/.
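Both points in the reply can be seen in plain Ruby without a Rails app. This is an added example, not code from the thread: it assumes Ruby's standard ERB library, whose `ERB::Util.h` is the same escaper behind the Rails `h` view helper, and a constructed user-supplied string containing markup.

```ruby
require "erb"
include ERB::Util # makes h() available in the rendering binding, as in a view

# Constructed sample: the kind of text a user could type into a form field.
USER_INPUT = %(Tom & Jerry <b>"friends"</b>)

# Without h(): the submitted <b> tag is emitted verbatim and becomes markup.
def render_raw(text)
  ERB.new("<p><%= text %></p>").result(binding)
end

# With h(): &, <, >, " and ' become entities, so the browser shows the text
# literally instead of interpreting it as HTML.
def render_escaped(text)
  ERB.new("<p><%= h(text) %></p>").result(binding)
end

# The same loop written with plain %> and with -%> on the control lines.
PLAIN_TEMPLATE = <<~TPL
  <ul>
  <% [1, 2].each do |i| %>
  <li><%= i %></li>
  <% end %>
  </ul>
TPL

TRIMMED_TEMPLATE = <<~TPL
  <ul>
  <% [1, 2].each do |i| -%>
  <li><%= i %></li>
  <% end -%>
  </ul>
TPL

# trim_mode: "-" is what enables -%> in ERB; -%> swallows the newline that
# follows the tag, so the code-only lines leave no blank line in the output.
def render_loop(trimmed)
  template = trimmed ? TRIMMED_TEMPLATE : PLAIN_TEMPLATE
  ERB.new(template, trim_mode: trimmed ? "-" : nil).result(binding)
end

if __FILE__ == $0
  puts render_raw(USER_INPUT)
  puts render_escaped(USER_INPUT)
  puts render_loop(false)
  puts render_loop(true)
end
```

Run it and compare the third and fourth outputs: the untrimmed version has an empty line wherever a `<% ... %>` line stood, the `-%>` version does not.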

