Sorry, I had a little typo in my code. That should read: <%= raw render :partial => 'mypartial' %>
(Note the order in which raw is called.) On May 24, 8:38 pm, Dee <[email protected]> wrote: > Hey all, > > Just wondering if there is any reason that the new XSS safety code in > 2.3.7 is escaping my partials. That don't seem right! > > I've overcome it temporarily by throwing in a "raw" like this: > <%= render raw :partial => 'mypartial' %> > > It's also escaping any inline <SCRIPT> tags in the templates. (This > may be by design, I dunno.) > > In advance of some responses that might come from this question, I've > already read the update I've copied below and don't think it applies > here since I installed the rails_xss plugin. > > TIA, > Dee > > "Update: fixing compatibility with the rails_xss plugin broke HTML- > safety for apps that don’t use rails_xss. We’re sorry, all: HTML- > safety is meant to be opt-in! The fix is available now in 2.3.8.pre1 > and will be released shortly." > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group > athttp://groups.google.com/group/rubyonrails-talk?hl=en. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
