Michael Satterwhite wrote:
> Philip Hallstrom wrote:
>
>> Ah. Then look at
>> activesupport/lib/active_support/core_ext/string/output_safety.rb
>
> OK, I'm looking at it. I must be dense, though - or I've got a BAD case
> of tunnel vision.
>
> How do I STOP these from changing the string? I'm sure it's obvious ...
> but I'm not seeing it.
>
> BTW: Thanks for pointing me at this.
>
> ---Michael
some_string = "<script>alert("Gotcha!")</script>"
<%= h some_string %> or <%= html_escape some_string %>
=> <script>alert("Gotcha!")</script>
<%= some_string %>
=> [[ javascript alert dialog => Gotcha! ]]
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Talk" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.
