similar to: Rails 2.3.8 still escaping html in strings

Hi, Can somebody update me on the state of html_safe strings in rails 2.3.8? I know rails 2.3.6 and 2.3.7 broke a lot of code because strings were being escaped when they shouldn''t have been and I thought this was all fixed in 2.3.8. I''m upgrading an app from 2.3.5 to 2.3.8 and there are many spots where previous code was output correctly and now it expects html_safe method

Hi folks, I spotted an HTML escaping bug in Xapian::MSet::snippet() while working on the code. This issue has been assigned CVE-2018-0499 (though currently there's no useful information on cve.mitre.org for it). I've added a wiki page for it here: https://trac.xapian.org/wiki/SecurityFixes/2018-07-02 The intended behaviour is that the selected input text is escaped for use in HTML,

I''ve got an app which users can edit the ERB templates for emails, the changes aren''t taking effect till the app restarts though because config.action_view.cache_template_loading = true I''ve seen various comments that suggest it has to be true when in Production for thread safety - is Rails actually running in a threaded manner yet? Surely this is a none issue at the

Hi guys, I''m new to this list and it seems you are my last hope. How can I prevent Rails from automatically escaping HTML entities when creating a hyperlink? You know, link_to( ... :title => ''This is „quoted“'') returns ''This is „quoted“'' because Rails escapes the ampersands to &. Is there a way I

Hi, i just discover dovecot, and it's what i always wanted to have i read that it support qmail Maildir, i use postfix, but read on postfix site that postfix Maildir are compatible with qmail. so i have something like /var/mail/vhosts/domaine.tld/testuser/ i tried a simple setup to 'test' auth_userdb = static uid=500 gid=500 home=/var/mail/vhosts/%d/%n auth_passdb = passwd-file

Hi I have a wysiwyg html ditor in my app. How do I escape html written to the database and encoding when I display the content> Ty Pieter -------------- next part -------------- An HTML attachment was scrubbed... URL: http://wrath.rubyonrails.org/pipermail/rails/attachments/20060815/d8c50941/attachment.html

A lot of the traffic on this list involves questions that may be better suited for a forum environment. RailsForum.com has people of all experience levels and, while very new, is proving to be a useful place for getting help. Just in case folks hadn''t heard about it, - Danger -------------- next part -------------- An HTML attachment was scrubbed... URL:

Alan Coopersmith (1): configure: Use LT_INIT from libtool 2 instead of deprecated AC_PROG_LIBTOOL Matt Turner (1): libXft 2.3.8 Thomas E. Dickey (3): add check for missing glyph in XftFontCheckGlyph() issue 17: libxft-2.3.7: Bold fonts in urxvt missing leftmost pixels issue 18: Problems with rotated text (monospace font only) git tag: libXft-2.3.8

How can I get a single backslash in a character string? My goal is to escape dots in a string that will be used as a regular expression. I thought I could do it this way: gsub(".", "\\.", x) Unfortunately, "\\" does not represent a literal backslash as I expected, but rather a pair of backslashes: > "\\." [1] "\\." > "\\" [1]

Hi! In the rsync man page under " -8, --8-bit-output", it says: . . . All control characters (but never tabs) are always escaped, regardless of this option's setting. The escape idiom that started in 2.6.7 is to output a literal backslash (\) and a hash (#), followed by exactly 3 octal digits. For example, a newline would output as "\#012". A literal backslash

i just went through the following tutorial on creating a sortable table: http://dev.nozav.org/rails_ajax_table.html it appears to work as it is supposed to except for the fact that my links are being written wrong. the "&" symbol is being replaced with & therefore creating this as my url: http://localhost:3000/item/list?sort=qty&query= instead of

I have a field where a user might need to enter text that includes greater than and less than signs. I am using in_place_editor_field, so I need a way to tell it to escape html entities (convert to > and <) when displaying and NOT escape html entities (just show the greater than and less than signs) when editing. Any ideas? --~--~---------~--~----~------------~-------~--~----~ You

Cit?t Timo Sirainen <tss at iki.fi>: > On 6 Apr 2017, at 14.58, azurit at pobox.sk wrote: >> >> Hi, >> >> i'm trying to resolve few problems with indexing 'From' headers >> using FTS/Solr. I was tcpdumping the communication between Dovecot >> and Jetty/Solr and noticed that 'From' headers, which includes also >>

I have a legacy application I ported from Rails 2.x. I found that the escaping was occurring where it shouldn''t, like in creation of forms, and I couldn''t turn it off. I found two mechanisms that should have disabled it, a function safe_html, which is supposed to mark a string as not needing to be escaped. The other is raw, which similarly indicates that a string should be output

Instead of continuing the thread hijack, I''ve started a new one.... Douglas Livingstone wrote: > 2006/1/22, Kevin Olbrich <kevin.olbrich@duke.edu>: >> >> You know, this has been bothering me a bit lately. If the point of >> doing an html escape on the output is to prevent security problems, >> wouldn''t it make sense for the default action on

On 06.04.2017 14:58, azurit at pobox.sk wrote: > Hi, > > i'm trying to resolve few problems with indexing 'From' headers using > FTS/Solr. I was tcpdumping the communication between Dovecot and > Jetty/Solr and noticed that 'From' headers, which includes also > sender's name, are double escaped. This is what was Dovecot sending to > Solr: > >

On 6 Apr 2017, at 14.58, azurit at pobox.sk wrote: > > Hi, > > i'm trying to resolve few problems with indexing 'From' headers using FTS/Solr. I was tcpdumping the communication between Dovecot and Jetty/Solr and noticed that 'From' headers, which includes also sender's name, are double escaped. This is what was Dovecot sending to Solr: > >

Hi All, I realize this has been addressed ad naseum, but I simply cannot seem to solve my issue despite many hours of mucking about. I am attempting to run a command like: rsync -prvl --delete --stats --progress -e 'ssh -p 22 -i /root/.ssh/id_dsa' backup/company/data/current_backup/company_Ralf/doc\\\ -\\\ network/

Hi, i'm trying to resolve few problems with indexing 'From' headers using FTS/Solr. I was tcpdumping the communication between Dovecot and Jetty/Solr and noticed that 'From' headers, which includes also sender's name, are double escaped. This is what was Dovecot sending to Solr: </field><field name="from">Name Surname &amp;lt;test at

Is there any way to disable image_tag''s automatic escaping of special html entities in it''s :alt tag? Example: >From the controller: @sale[''title''] = ''My Company Product&copy;'' In the view: <%= image_tag(''path/to/file.png'', :alt => @sale[''title'']) %> Output: <img alt="My Company