Oh I meant the overly-escaped html in Rails 3. On Apr 6, 10:29 am, Bruno Bornsztein <[email protected]> wrote: > Nic, > Which fix are you referring to, specifically? Thanks, > Bruno > > > > On Wed, Apr 6, 2011 at 9:26 AM, Nic <[email protected]> wrote: > > Any word on the progress of this fix or how long it might be until it > > is done? > > > Thanks, > > -Nic > > > On Mar 14, 7:16 am, hewbrocca <[email protected]> wrote: > > > The problem is not working out how to unescape HTML -- CE already stores > > > safe HTML unescaped in its database, having passed it through WhiteList > > > before storing it to ensure that it is not, in fact, malicious. The > > problem > > > is deciding when and how to override Haml's default escaping of HTML it > > > sends to the browser. The safe thing to do is probably to override HTML > > > escaping only where it's needed (preserve sanitized user formatting, > > etc.), > > > but you could argue that since CE is very careful about what it already > > > stores in the database and sends to the browser, you don't need the extra > > > level of protection from Rails/Haml. I'm hoping Bruno will weigh in and > > > suggest the right way to handle this such that he would accept a patch. > > > > --Hugh > > > -- > > You received this message because you are subscribed to the Google Groups > > "CommunityEngine" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > >http://groups.google.com/group/communityengine?hl=en.
-- You received this message because you are subscribed to the Google Groups "CommunityEngine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/communityengine?hl=en.
