Robert Walker wrote: > Andrew Kaspick wrote: >> Exactly. I'm not using the rails_xss plugin, but the escaping rules are >> not as they were in 2.3.5. String literals were "safe" in 2.3.5, but >> aren't in 2.3.8... a minor difference with huge implications. > > I created a quick-n-dirty test app. See the result here: > > http://www.ruby-forum.com/topic/214314#new
2.3.8 should not require the use of "raw" to do what worked out of the box in 2.3.5 and every release before that if rails_xss is not installed. 2.3.8>> " ".html_safe? => false That result right there is why "raw" would be required now in 2.3.8 and not in 2.3.5. String literals in 2.3.8 should not be false... in rails 3 though that is correct and the expected result. -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.
