jacek.becela-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org
2007-Nov-16 14:10 UTC
ActionView::Helpers::SanitizeHelper.sanitize docs
Hello,

First sentence of sanitize() method doc says: "This sanitize helper will html encode all tags and strip all attributes that aren't specifically allowed."

But sanitize("<h1>foo</h1> <bar>should html encode</bar>") = "<h1>foo</h1> should html encode".

Shouldn't it html encode <bar> to &lt;bar&gt;?

--
Jacek
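The two behaviours the post contrasts (stripping a disallowed tag versus HTML-encoding it), as an added example that is not part of the original message and is not Rails' implementation. `toy_sanitize`, the allowlists and the regex tokenizer are assumptions made for illustration; the tokenizer is a simplified stand-in for a real HTML parser.

```ruby
require "erb"

# Hypothetical allowlists for this illustration; Rails' own defaults differ.
ALLOWED_TAGS  = %w[h1 p em strong].freeze
ALLOWED_ATTRS = %w[title].freeze

# Splits markup into tag tokens, text runs, and stray "<" characters.
TOKEN = /<\/?[a-zA-Z][^<>]*>|[^<]+|</
# Double-quoted attributes only, to keep the sketch short.
ATTR  = /([a-zA-Z-]+)\s*=\s*"([^"]*)"/

# Re-emits an allowed tag with only the allowlisted attributes kept.
def rebuild_tag(token, name)
  return "</#{name}>" if token.start_with?("</")
  kept = token.scan(ATTR).select { |key, _| ALLOWED_ATTRS.include?(key.downcase) }
  "<#{name}#{kept.map { |key, val| %( #{key.downcase}="#{val}") }.join}>"
end

# disallowed: :strip  drops unknown tags and keeps their inner text
#                     (the output reported in the post).
# disallowed: :encode turns unknown tags into visible text
#                     (what the quoted doc sentence describes).
def toy_sanitize(html, disallowed: :strip)
  html.scan(TOKEN).map do |token|
    tag = token.match(/\A<\/?([a-zA-Z][a-zA-Z0-9]*)/)
    if tag.nil?
      token == "<" ? "&lt;" : token        # text run or stray "<"
    elsif ALLOWED_TAGS.include?(tag[1].downcase)
      rebuild_tag(token, tag[1].downcase)
    elsif disallowed == :encode
      ERB::Util.html_escape(token)         # "<bar>" becomes "&lt;bar&gt;"
    else
      ""                                   # tag removed, content kept
    end
  end.join
end

# Input string taken from the post.
POST_INPUT = "<h1>foo</h1> <bar>should html encode</bar>"

if __FILE__ == $PROGRAM_NAME
  puts toy_sanitize(POST_INPUT, disallowed: :strip)
  puts toy_sanitize(POST_INPUT, disallowed: :encode)
end
```

Either policy keeps `<bar>` from reaching the browser as markup; they differ only in whether the reader sees the rejected tag as text.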