Yes,. I installed it yesterday after 2.3.7 because it was recommended. I have since upgraded to 2.3.8.pre1 (which still reports it is 2.3.7 btw) and get similar results as before.
I have since noticed it not all of the partials that are getting escaped, just the ones being called inside a content_for block. Easy repro. That might be the key, eh? It still doesn't seem right. On May 24, 11:51 pm, Jeremy Kemper <[email protected]> wrote: > On Mon, May 24, 2010 at 5:38 PM, Dee <[email protected]> wrote: > > Just wondering if there is any reason that the new XSS safety code in > > 2.3.7 is escaping my partials. That don't seem right! > > Definitely not right! Are you using the latest rails_xss plugin > fromhttp://github.com/rails/rails_xss? > > jeremy > > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Talk" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group > athttp://groups.google.com/group/rubyonrails-talk?hl=en. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
