Frederick Cheung wrote: > On 21 Jul 2010, at 01:56, Abder-Rahman Ali wrote: > >> In the "Head First Rails" book, it mentions that "h" in <%=h...%> is a >> helper method. >> >> Can someone describe what that means? And, when should I use <%=h...%>? >> Is it when I want the result to be displayed on my view for example? > > h is short for html_escape. You're probably end up using it nearly every > time you display user entered data (or you may be at the risk of xss > attacks). From rails 2.3.8 there's a different way of handling this - > strings have a notion of whether they are safe or not > > Fred
Thanks a lot everyone for your replies. Fred, can you just clarify? - html_escape - XSS attacks Thanks a lot. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
