Hi, I've just finished reading "Beginning Ruby on Rails E-Commerce"... phew...

On page 398, it says:

Caution: Although textilize is a cool quick-and-dirty helper, as a rule of thumb, it should never be used in a production setting.

Why? And what's the alternative?

Thanks.
Sam

--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org To unsubscribe from this group, send email to rubyonrails-talk-unsubscribe-/JYPxA39Uh5TLH3MbocFFw@public.gmane.org For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en -~----------~----~----~----~------~----~------~--~---
Sam,

I can't speak for the author, but I've been under the impression that textilize alone wasn't considered secure. I've been given the impression that textilize alone doesn't clean text quite like sanitize does. I suspect that a textilize and sanitize solution would be safe. Textilize alone may be open to some javascript hacks. I'm not certain on this. Can anyone confirm or refute?

Carl
Dupe. http://www.ruby-forum.com/topic/88338#168117

Did you not get the answers you needed in your original posting?

-DJCP
--
Posted via http://www.ruby-forum.com/.
ssk wrote:
> I've just finished reading "Beginning Ruby on Rails E-Commerce"...
> phew...
> On page 398, it says:
>
> Caution: Although textilize is a cool quick-and-dirty helper, as a rule
> of thumb, it should never be used in a production setting.
>
> Why?
> And what's the alternative?

Hi Sam,

The same page presents the alternative: do the textilization when the object is saved and save the textilized output in the database. That way you just output straight html and avoid using the textilize helper in the display phase.
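The save-time pattern Jarkko describes, combined with the sanitize step Carl suggests, as an added example that is not from the thread or the book. It is plain Ruby so it runs without Rails: TinyTextile is an assumed stand-in for RedCloth (it mimics RedCloth passing raw HTML through untouched), Sanitizer is an assumed whitelist filter standing in for Rails' sanitize helper, and Product is a hypothetical model whose save method plays the role of a before_save callback.

```ruby
# TinyTextile: assumed stand-in for RedCloth. Like RedCloth, it leaves
# raw HTML in the source untouched, which is why it must not be the
# last step before output.
module TinyTextile
  def self.to_html(src)
    src.strip.split(/\n{2,}/).map do |para|
      html = para.gsub(/\*(.+?)\*/, '<strong>\1</strong>')
                 .gsub(/_(.+?)_/, '<em>\1</em>')
      "<p>#{html}</p>"
    end.join("\n")
  end
end

# Sanitizer: assumed whitelist filter standing in for Rails' sanitize.
# It drops script/style elements with their content, removes any tag not
# on the whitelist, and strips every attribute so that event handlers
# and javascript: URLs cannot reach the rendered page.
module Sanitizer
  ALLOWED = %w[p strong em b i ul ol li br blockquote].freeze

  def self.clean(html)
    html = html.gsub(%r{<(script|style)[^>]*>.*?</\1>}mi, '')
    html.gsub(%r{<(/?)([a-z0-9]+)[^>]*>}i) do
      ALLOWED.include?($2.downcase) ? "<#{$1}#{$2.downcase}>" : ''
    end
  end
end

# Product: hypothetical model. In Rails the conversion would live in a
# `before_save :textilize_description` callback; the view then emits
# description_html directly and never calls textilize at render time.
class Product
  attr_accessor :description, :description_html

  def initialize(description)
    @description = description
  end

  # Convert once, sanitize once, store the result alongside the source.
  def save
    @description_html = Sanitizer.clean(TinyTextile.to_html(description))
    true
  end
end
```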
Jarkko Laine wrote:
> ssk wrote:
> > I've just finished reading "Beginning Ruby on Rails E-Commerce"...
> > phew...
> > On page 398, it says:
> >
> > Caution: Although textilize is a cool quick-and-dirty helper, as a rule
> > of thumb, it should never be used in a production setting.
> >
> > Why?
> > And what's the alternative?
>
> Hi Sam,
>
> The same page presents the alternative: do the textilization when the
> object is saved and save the textilized output in the database. That
> way you just output straight html and avoid using the textilize helper
> in the display phase.

Hi Jarkko,

You're one of the authors of the book, right? Thank you very much for the answer. Now I know what the caution means. The textilize method in itself is ok. But it should be used when saving in the DB, not as a helper in the view.

Regards,
Sam