1) Does scaffolding (and in particular the show() method) do any escaping of strings coming from the database? I did a quick check, and it doesn't seem to (or possibly it only escapes "dangerous" code, and it was smart enough to see that mine was not dangerous).

2) A lot of the documentation for testing seems to refer to an older configuration. Now, out of the box, it expects you to use a transactional database and does not create all the convenience instance variables. I've only found one online resource that discusses this (not hosted on the RoR website). Is there any "official" documentation to the new testing setup?

-Rich-