search for: rails_xss

Hi, Can somebody update me on the state of html_safe strings in rails 2.3.8? I know rails 2.3.6 and 2.3.7 broke a lot of code because strings were being escaped when they shouldn''t have been and I thought this was all fixed in 2.3.8. I''m upgrading an app from 2.3.5 to 2.3.8 and there are many spots where previous code was output correctly and now it expects html_safe method

Hello guys, I went into milestones page (https://rails.lighthouseapp.com/projects/8994-ruby-on-rails/milestones) and found out that Rails 2.3.6 was due Jan 15, 2010. Does it mean all tickets in that milestone should be cleared first? If so, then I would pay attention to clear tickets in that bucket first. Thank you, Prem Sichanugrist (sikachu) -- You received this message because you are

...ape(flash[msg.to_sym])), :class => "message #{msg}") unless flash[msg.to_sym].blank? end messages end I am not sure how to make it html_safe so that Rails 3 renders it properly. No problems with Rails 2.3.8, but I had to mark the entire method "safe_method" using rails_xss plugin. Is there a rule to doing this kind of view sanitization? Thanks. Bharat -- Posted via http://www.ruby-forum.com/. -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to rubyonrails-talk-/...