Hey all, Just wondering if there is any reason that the new XSS safety code in 2.3.7 is escaping my partials. That don't seem right!
I've overcome it temporarily by throwing in a "raw" like this: <%= render raw :partial => 'mypartial' %> It's also escaping any inline <SCRIPT> tags in the templates. (This may be by design, I dunno.) In advance of some responses that might come from this question, I've already read the update I've copied below and don't think it applies here since I installed the rails_xss plugin. TIA, Dee "Update: fixing compatibility with the rails_xss plugin broke HTML- safety for apps that don’t use rails_xss. We’re sorry, all: HTML- safety is meant to be opt-in! The fix is available now in 2.3.8.pre1 and will be released shortly." -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
