I understand the escaping of text going into views. Normally the browser turns 
the entity back into visible characters. Apparently when the update form is 
inserted this does not happen. It would be a security hole to always ditch the 
escaping as in other contexts the browser would see the > as markup. The 
JavaScript doing the insert should really be processing the entities. The 
to_label method does not have enough context. 

Michael

Sent from my iPad

On Mar 12, 2011, at 6:19 AM, vhochstein <[email protected]> wrote:

> Hi,
> 
> please take a look at rails h() method to find your answer.
> 
> --
> Volker
> 
> 
> On Mar 9, 6:01 pm, Michael Latta <[email protected]> wrote:
>> Has anyone else noticed that if an object to_label includes "<" or ">" they 
>> display in the update form title as the entity &lt; or &gt;?  Is this 
>> because of updates coming from AJAX and not being parsed as HTML directly?
>> 
>> Michael
> 
> -- 
> You received this message because you are subscribed to the Google Groups 
> "ActiveScaffold : Ruby on Rails plugin" group.
> To post to this group, send email to [email protected].
> To unsubscribe from this group, send email to 
> [email protected].
> For more options, visit this group at 
> http://groups.google.com/group/activescaffold?hl=en.
> 
