[Rails] rails3 xss escaping

Ruby on Rails Monday, August 30, 2010

Hi.

Is there a way to disable the default xss escaping of everything in
rails3?

What's the proper way of doing string concatenations like below with
rails3 if xss escaping can not be disabled:
"something #{link_to('something else') if value == true}"

--
M.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk@googlegroups.com.
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

Posted by Ruby on Rails at 11:06 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)