> > > > Is anyone even using html in the description? Is it ok to just
> > > > replace
> > > >
> > > > <%= sanitize(todo.description) %>
> > > >
> > > > with
> > > >
> > > > <%= h todo.description %>
> >
> > For those ignorant few who don't know, could you elaborate a bit on
> > what "h @todo.description" does?

Sorry, the h function makes sure that special html characters are translated (escaped) so that your web browser shows the special characters instead of interpreting them and showing the result.

For example, if description contains '<b>this is bold</b>', in current tracks this is displayed as 'this is bold'. If you use h, it will be transformed into &lt;b&gt;this is bold&lt;/b&gt; and a web browser will display it as '<b>this is bold</b>'.

Problems start when you have malformed html in the description in the case without the h function. Then the layout of the complete page can be messed up, as described in the ticket.

So currently you can use html to format the description. When we switch to the h function, you cannot use html to format the description anymore. Personally I only use markup in the notes, not in the description. But I don't want to blindly remove a feature because I'm not using it myself.

Regards,
Reinier
_______________________________________________
Tracks-discuss mailing list
[email protected]
http://lists.rousette.org.uk/mailman/listinfo/tracks-discuss
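The difference described in the message above, as an added example that is not part of the thread or of Tracks' code: a todo row rendered with the description interpolated as-is and with `h` from Ruby's standard `ERB::Util`, plus a small tag-balance check that shows why a malformed description breaks the surrounding layout only in the unescaped case. `TodoRow`, `unbalanced_tags`, the row markup and the sample descriptions are constructed for illustration; Rails' `sanitize` is not reproduced here.

```ruby
require "erb"

# Hypothetical stand-in for a Tracks view: one todo row, raw and escaped.
class TodoRow
  include ERB::Util # provides h / html_escape

  RAW     = ERB.new('<div class="todo"><span><%= @description %></span></div>')
  ESCAPED = ERB.new('<div class="todo"><span><%= h(@description) %></span></div>')

  def initialize(description)
    @description = description
  end

  def raw
    RAW.result(binding)
  end

  def escaped
    ESCAPED.result(binding)
  end
end

# Returns the tags that are left open, plus stray closing tags, in html.
def unbalanced_tags(html)
  stack = []
  problems = []
  html.scan(%r{<(/?)([a-zA-Z][a-zA-Z0-9]*)[^>]*>}) do |slash, name|
    if slash.empty?
      stack.push(name)
    elsif (i = stack.rindex(name))
      problems.concat(stack.slice!(i + 1..)) # tags never closed inside name
      stack.pop
    else
      problems << "/#{name}" # closing tag with no matching open tag
    end
  end
  problems + stack
end

# Constructed sample descriptions: well-formed markup and an unclosed tag.
["<b>this is bold</b>", "call Bob <b>today"].each do |description|
  row = TodoRow.new(description)
  puts "raw:     #{row.raw}"
  puts "         unbalanced: #{unbalanced_tags(row.raw).inspect}"
  puts "escaped: #{row.escaped}"
  puts "         unbalanced: #{unbalanced_tags(row.escaped).inspect}"
end
```

With the unclosed `<b>`, the raw row reports `b` as left open, so the bold formatting would leak into the rest of the page; the escaped row stays balanced because the description is emitted as text.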
