- A small test to find out whether Rails 3 will double-escape already escaped strings. Say you've got your typical h(str): will str be escaped once by default and then escaped once again by h()? It does not look like this will happen (tried with Rails 2.3.5 and the rails_xss plugin).
- ### .erb file
- <% str = "A string that needs <strong>escaping</strong>" %>
- <p>
- Not escaped: <%= str %>
- </p>
- <p>
- Escaped with h: <%= h str %>
- </p>
- ### Output with Rails 2.3.5
- <p>
- Not escaped: A string that needs <strong>escaping</strong>
- </p>
- <p>
- Escaped with h: A string that needs <strong>escaping</strong>
- </p>
- ### Output with Rails 2.3.5 with rails_xss and erubis
- <p>
- Not escaped: A string that needs <strong>escaping</strong>
- </p>
- <p>
- Escaped with h: A string that needs <strong>escaping</strong>
- </p>
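
Why h() does not escape a second time under rails_xss / Rails 3, as an added example (not part of the original paste, and a simplified stand-alone model rather than Rails' own code): strings carry a "safe" marker, h() returns a marked string, and `<%= %>` escapes only unmarked ones. `SafeString`, `emit`, `legacy_h` and `naive_emit` are hypothetical names for this sketch.

```ruby
require 'cgi'

# Constructed sample input, same string as in the paste.
STR = 'A string that needs <strong>escaping</strong>'

# Marker type: "this text is already HTML-escaped".
# Stands in for the html_safe flag used by rails_xss / Rails 3.
class SafeString < String; end

# h(): escape once and mark the result; already-marked input passes through.
def h(value)
  return value if value.is_a?(SafeString)
  SafeString.new(CGI.escapeHTML(value.to_s))
end

# <%= value %> with auto-escaping: escapes only unmarked strings,
# so emit(h(str)) and emit(str) give the same output.
def emit(value)
  h(value).to_s
end

# Rails 2.3.5 without the plugin: h returns a plain String and
# <%= %> appends whatever it is given, unescaped.
def legacy_h(value)
  CGI.escapeHTML(value.to_s)
end

def legacy_emit(value)
  value.to_s
end

# Auto-escaping WITHOUT a safe marker: the double-escape case the
# paste asks about. Every value is escaped again on output.
def naive_emit(value)
  CGI.escapeHTML(value.to_s)
end

if __FILE__ == $PROGRAM_NAME
  puts "legacy  <%= str %>   : #{legacy_emit(STR)}"
  puts "legacy  <%= h str %> : #{legacy_emit(legacy_h(STR))}"
  puts "marked  <%= str %>   : #{emit(STR)}"
  puts "marked  <%= h str %> : #{emit(h(STR))}"
  puts "naive   <%= h str %> : #{naive_emit(legacy_h(STR))}"
end
```
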