On Tue, 2008-06-24 at 09:56 -0500, Jeff Gipson wrote:
> But I also wonder... If HTML will not be displayed in output,
> shouldn't we run the 'h' method on form data before the
> ActiveRecord#save method is run; and also should there be some
> validation being done to prevent saving of data with illegal character
> sequences?

Probably not, since you would still want HTML to be displayed, just not interpreted by the browser. Would be nice to just say "Fix the <div> stuff in Tracks" and have it work. Showing it with h() lets you do that, but it should still be saved as normal text for it to do that.

Kind regards,

Hans

_______________________________________________
Tracks-discuss mailing list
[email protected]
http://lists.rousette.org.uk/mailman/listinfo/tracks-discuss
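
Added example, not part of the original message or of the Tracks code base: the two approaches discussed in the thread, side by side, using the todo text from the reply as constructed input. The `save`, `save_escaped` and `render_*` helpers are hypothetical stand-ins for a model save and for view templates; `ERB::Util.html_escape` is the standard-library method that Rails exposes in views as `h`.

```ruby
require "erb"

# Constructed sample input: the todo text quoted in the reply above.
RAW_NOTE = 'Fix the <div> stuff in Tracks'

# Hypothetical stand-in for a model save: stores exactly what it is given.
def save(store, text)
  store[:description] = text
  store
end

# Escape-before-save variant asked about in the quoted question.
def save_escaped(store, text)
  save(store, ERB::Util.html_escape(text))
end

# HTML view: escape at output time, as a template calling h() would.
def render_html(store)
  "<li>#{ERB::Util.html_escape(store[:description])}</li>"
end

# Non-HTML output (e.g. a plain-text export): no HTML escaping applies here.
def render_plain_text(store)
  "* #{store[:description]}"
end

# Runs both approaches through both output contexts.
def demo
  raw = save({}, RAW_NOTE)          # stored as normal text
  pre = save_escaped({}, RAW_NOTE)  # stored already HTML-encoded
  {
    html_from_raw: render_html(raw),        # browser shows the literal <div>
    text_from_raw: render_plain_text(raw),  # text output is unchanged
    html_from_pre: render_html(pre),        # double-escaped: user sees &lt;div&gt;
    text_from_pre: render_plain_text(pre)   # entities leak into plain text
  }
end

demo.each { |name, out| puts "#{name}: #{out}" } if __FILE__ == $PROGRAM_NAME
```

Storing the raw text keeps one canonical value that each output context encodes for itself; escaping before save ties the stored data to HTML and corrupts every other consumer.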
