Andrew Kaspick wrote: > I'm upgrading an app from 2.3.5 to 2.3.8 and there are many spots where > previous code was output correctly and now it expects html_safe method > calls to properly escape the strings. Are those who don't want to use > the new escaping behaviour in the 2.3.x branch expected to stick with > 2.3.5 from now on moving forward?
I haven't yet done the conversion of my 2.3.5 app to 2.3.8, will hopefully do so soon. I intend to do this as a first step in preparing it for Rails 3. However, as I understand it nothing should change in the escaping unless you install the rails_xss. In fact that was the problem with 2.3.6 & 2.3.7. Version 2.3.6 introduced a problem discovered by the HAML guys, and 2.3.7 was a hasty fix for that, which broken stuff for everyone else. Version 2.3.8 was supposed to get things back to normal. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
