Hi Reinier,

--- Reinier Balt <[EMAIL PROTECTED]> wrote:

> Hi all,
>
> In ticket http://dev.rousette.org.uk/ticket/740 there is a report where your
> layout is messed up when you use <DIV> or </DIV> in the description field.
>
> We use sanitize to remove malicious html from the description in the todo
> partial, but using sanitize does not remove any <DIV>'s in the description
> field.
>
> Is anyone even using html in the description? Is it ok to just replace
>
> <%= sanitize(todo.description) %>
>
> with
>
> <%= h todo.description %>

For those ignorant few who don't know, could you elaborate a bit on what
"h @todo.description" does?

Thanks,
SK
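What the proposed swap from `sanitize` to `h` changes, as an added Ruby example that is not part of the original messages or of Tracks' code. In Rails views `h` is `ERB::Util.html_escape`; `render_todo` and `sanitize_stand_in` are hypothetical helpers, and the stand-in models only the behaviour reported in the thread (DIV tags pass through), not Rails' real `sanitize`.

```ruby
require 'erb'

# Hypothetical wrapper markup standing in for the todo partial (not Tracks' template).
def render_todo(description_html)
  "<div class=\"todo\"><div class=\"description\">#{description_html}</div></div>"
end

# Simplified stand-in for the reported behaviour: script elements are dropped,
# but <DIV> and </DIV> are left in place. This is NOT Rails' sanitize.
def sanitize_stand_in(text)
  text.gsub(%r{<script\b.*?</script>}im, '')
end

# What `h` does in a Rails view: replace & < > " ' with HTML entities,
# so the browser shows the characters as text instead of parsing them as markup.
def h(text)
  ERB::Util.html_escape(text)
end

# True when every <div> opened in the fragment is closed in order,
# i.e. the page's container structure survived the user-supplied text.
def divs_balanced?(html)
  depth = 0
  html.scan(%r{<(/?)div\b[^>]*>}i) do |(slash)|
    depth += slash.empty? ? 1 : -1
    return false if depth < 0   # a closing tag with nothing left to close
  end
  depth.zero?
end

# Constructed sample description containing a stray closing DIV.
DESCRIPTION = 'Call Bob </DIV> about <b>invoice</b>'

with_sanitize = render_todo(sanitize_stand_in(DESCRIPTION))
with_h        = render_todo(h(DESCRIPTION))

puts with_sanitize
puts "layout intact? #{divs_balanced?(with_sanitize)}"
puts with_h
puts "layout intact? #{divs_balanced?(with_h)}"
```

The trade-off raised in the thread is visible in the second output: with `h`, the `<b>` tag is also shown as literal text, so any HTML formatting in descriptions stops rendering.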
