Gist jaimeiniesta/245657
Created November 30, 2009 19:10
A small test to know whether Rails 3 will double-escape already escaped strings: say you've got your typical h(str); will str be escaped once by default and then escaped once again by h()? It does not look like this will happen (tried with Rails 2.3.5 and the rails_xss plugin).

### .erb file

<% str = "A string that needs <strong>escaping</strong>" %>
<p>
Not escaped: <%= str %>
</p>
<p>
Escaped with h: <%= h str %>
</p>

### Output with Rails 2.3.5

<p>
Not escaped: A string that needs <strong>escaping</strong>
</p>
<p>
Escaped with h: A string that needs <strong>escaping</strong>
</p>

### Output with Rails 2.3.5 with rails_xss and erubis

<p>
Not escaped: A string that needs <strong>escaping</strong>
</p>
<p>
Escaped with h: A string that needs <strong>escaping</strong>
</p>
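Why the second h() does nothing, as an added example that is not part of the gist and not Rails' own code: the SafeBuffer class, the h() helper and the render_template output buffer below are a small model written here to mirror how rails_xss / Rails 3 track escaping. The mechanism is a flag on the string (html_safe?): h() escapes a plain String once and returns a SafeBuffer, and both h() and the auto-escaping output buffer leave a SafeBuffer alone, so the entity ampersands are never escaped a second time. The block also shows what a naive double escape would look like, and the flip side of the flag, which is that calling html_safe on untrusted input bypasses escaping entirely.

```ruby
# Added example (not part of the gist): a minimal model of how rails_xss /
# Rails 3 avoid double escaping. SafeBuffer, h() and render_template are
# written here to mirror ActiveSupport's behaviour; they are not Rails' code.

class String
  # Plain strings are untrusted: an auto-escaping output buffer escapes them.
  def html_safe?
    false
  end

  # Explicitly mark a string as already-escaped / trusted markup.
  def html_safe
    SafeBuffer.new(self)
  end
end

# A String that remembers it is already safe to emit into HTML.
class SafeBuffer < String
  def html_safe?
    true
  end
end

module HtmlEscape
  ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
              '"' => "&quot;", "'" => "&#39;" }.freeze

  # Unconditional escaper (the behaviour of the stdlib ERB::Util.html_escape).
  def self.escape_raw(str)
    str.to_s.gsub(/[&<>"']/, ESCAPES)
  end

  # Rails-style h(): escapes once and marks the result safe; a no-op on input
  # already marked safe, which is what prevents the second escape.
  def self.h(str)
    str.html_safe? ? str : SafeBuffer.new(escape_raw(str))
  end
end

SAMPLE = "A string that needs <strong>escaping</strong> " .strip # same input as the gist

# Renders the gist's two <%= %> lines under one output-buffer policy.
# auto_escape: false models Rails 2.3.5, true models rails_xss / Rails 3.
# Returns [not_escaped_line, escaped_with_h_line].
def render_template(str, auto_escape:)
  emit = lambda do |value|
    if auto_escape && !value.html_safe?
      HtmlEscape.escape_raw(value)   # untrusted string: escape on output
    else
      value.to_s                     # verbatim: legacy buffer, or already safe
    end
  end
  ["Not escaped: #{emit.call(str)}",
   "Escaped with h: #{emit.call(HtmlEscape.h(str))}"]
end

# What double escaping would look like if h() ignored html_safe?: the
# ampersands of the entities get escaped again, yielding &amp;lt; in the page.
def naive_double_escape(str)
  HtmlEscape.escape_raw(HtmlEscape.escape_raw(str))
end

# The flip side of the flag: html_safe on untrusted input bypasses escaping
# entirely, so it must never be called on user-controlled data.
def render_marked_safe(untrusted)
  render_template(untrusted.html_safe, auto_escape: true).first
end

if __FILE__ == $PROGRAM_NAME
  puts "Rails 2.3.5 style:", render_template(SAMPLE, auto_escape: false)
  puts "rails_xss / Rails 3 style:", render_template(SAMPLE, auto_escape: true)
  puts "Naive double escape:", naive_double_escape(SAMPLE)
  puts "html_safe on user input:", render_marked_safe("<script>alert(1)</script>")
end
```

Under the auto-escaping policy both template lines come out escaped exactly once (no `&amp;lt;` anywhere), which is the result the gist reports; the naive_double_escape output is what you would see if h() did not honour the flag. The render_marked_safe call is the check worth keeping in mind when reviewing templates: a stray `.html_safe` (or `raw`) on request data reintroduces the XSS that the auto-escaping buffer was added to prevent.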