On Aug 15, 4:52 am, Frederick Cheung <[email protected]> wrote:
[...]
> Personally though I'd store unsanitized text in the database and
> sanitize it when displaying (having escaped text in the database
> might make your editing bits rather more complicated).
Maybe. If you're just using plain text, then just store it plain in the database and escape it on output. However, if you want to allow HTML tags for formatting, then the database should contain HTML fragments and *not* be escaped on output. Either way, though, h() on before_save is probably a bad idea.

>
> Fred

Best,
--
Marnen Laibow-Koser
http://www.marnen.org
[email protected]
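An added example (not from either poster) showing the "editing bits" problem Fred alludes to: it contrasts escaping in before_save with storing the raw text and escaping on output, using only ERB::Util.html_escape (the function Rails' h() wraps) and CGI.unescapeHTML from the Ruby standard library. RAW_COMMENT is constructed input; the allowed-HTML case from the reply is not covered, since that needs an allowlist sanitizer rather than escaping.

```ruby
# Added example (not from the thread): compares escape-at-save with
# escape-at-output and shows why the former complicates edit forms.
require "erb"
require "cgi"

# Constructed user input containing characters that matter to HTML.
RAW_COMMENT = "Tom & Jerry <script>alert(1)</script> say 1 < 2"

# Strategy A (what the thread argues against): h() in before_save,
# so the database row already holds escaped text.
def store_escaped(input)
  ERB::Util.html_escape(input)
end

# Strategy B (Fred's advice): store exactly what the user typed.
def store_raw(input)
  input
end

# Every template, including the edit form's text field, runs the stored
# value through h() once. This is the normal Rails rendering path.
def render_escaped(stored)
  ERB::Util.html_escape(stored)
end

# Strategy A forces an extra step before editing: unescape the stored
# value so the form does not show "&amp;lt;" to the user.
def restore_for_edit(stored_escaped)
  CGI.unescapeHTML(stored_escaped)
end

# Returns what the browser receives in each case.
def demo
  a = store_escaped(RAW_COMMENT)
  b = store_raw(RAW_COMMENT)
  {
    # A: rendering the row through h() again double-escapes it.
    a_edit_field: render_escaped(a),
    # A: only correct after the extra unescape step.
    a_edit_field_fixed: render_escaped(restore_for_edit(a)),
    # B: display and edit form both escape exactly once.
    b_display: render_escaped(b),
    b_edit_field: render_escaped(b),
  }
end
```

Run `demo` to see that strategy A's edit field shows `&amp;lt;script&amp;gt;` to the user unless the value is unescaped first, while strategy B needs no special handling.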

