jacek.becela-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2007-Nov-16 14:10 UTC
ActionView::Helpers::SanitizeHelper.sanitize docs
Hello,
First sentence of sanitize() method doc says: "This sanitize helper
will html encode all tags and strip all attributes that aren't
specifically allowed."
But sanitize("<h1>foo</h1> <bar>should html encode</bar>") = "<h1>foo</h1> should html encode".
Shouldn't it html encode <bar> to &lt;bar&gt; ?
--
Jacek
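
The two behaviours the message contrasts, as an added example that is not part of the original post and is not Rails code: a toy allowlist filter that either strips a disallowed tag (the output reported above) or HTML-encodes it (what the quoted doc sentence describes). `toy_sanitize`, `ALLOWED_TAGS`, `TOKEN` and the `on_unknown` option are hypothetical names chosen for this illustration.

```ruby
require "cgi"

# Toy allowlist filter for illustration only; NOT how Rails' sanitize is implemented.
ALLOWED_TAGS = %w[h1 p strong em].freeze   # constructed allowlist for the demo

# Tokenizer: a tag-like token, a run of text, or a lone "<" (treated as text).
TOKEN = /<\/?[A-Za-z][^>]*>|[^<]+|</

# on_unknown: :strip  drops a disallowed tag but keeps the text inside it;
#             :escape HTML-encodes the tag so it is displayed as literal text.
# Text runs are always encoded (existing entities would be double-encoded;
# acceptable for this toy, not for production use).
def toy_sanitize(html, on_unknown:)
  html.scan(TOKEN).map do |tok|
    m = tok.match(/\A<(\/?)([A-Za-z][A-Za-z0-9]*)/)
    if m.nil?
      CGI.escapeHTML(tok)                  # text node or stray "<"
    elsif ALLOWED_TAGS.include?(m[2].downcase)
      "<#{m[1]}#{m[2].downcase}>"          # allowed tag, every attribute dropped
    elsif on_unknown == :escape
      CGI.escapeHTML(tok)                  # disallowed tag becomes visible text
    else
      ""                                   # disallowed tag removed
    end
  end.join
end

INPUT = "<h1>foo</h1> <bar>should html encode</bar>"   # input from the post

if __FILE__ == $PROGRAM_NAME
  puts toy_sanitize(INPUT, on_unknown: :strip)
  puts toy_sanitize(INPUT, on_unknown: :escape)
  # Constructed input: attribute on an allowed tag is removed under both policies.
  puts toy_sanitize('<h1 onclick="x()">hi</h1>', on_unknown: :strip)
end
```

Either policy keeps the unknown element from being parsed as markup; they differ only in whether the reader sees the tag text, which is the difference a regression test on sanitized output should pin down.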
