Any timeline on the html issue? Are there a lot of issues on the rails 3 branch or only a few?
On Apr 11, 9:56 am, Nic <[email protected]> wrote: > Oh I meant the overly-escaped html in Rails 3. > > On Apr 6, 10:29 am, Bruno Bornsztein <[email protected]> > wrote: > > > > > Nic, > > Which fix are you referring to, specifically? Thanks, > > Bruno > > > On Wed, Apr 6, 2011 at 9:26 AM, Nic <[email protected]> wrote: > > > Any word on the progress of this fix or how long it might be until it > > > is done? > > > > Thanks, > > > -Nic > > > > On Mar 14, 7:16 am, hewbrocca <[email protected]> wrote: > > > > The problem is not working out how to unescape HTML -- CE already stores > > > > safe HTML unescaped in its database, having passed it through WhiteList > > > > before storing it to ensure that it is not, in fact, malicious. The > > > problem > > > > is deciding when and how to override Haml's default escaping of HTML it > > > > sends to the browser. The safe thing to do is probably to override HTML > > > > escaping only where it's needed (preserve sanitized user formatting, > > > etc.), > > > > but you could argue that since CE is very careful about what it already > > > > stores in the database and sends to the browser, you don't need the > > > > extra > > > > level of protection from Rails/Haml. I'm hoping Bruno will weigh in and > > > > suggest the right way to handle this such that he would accept a patch. > > > > > --Hugh > > > > -- > > > You received this message because you are subscribed to the Google Groups > > > "CommunityEngine" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]. > > > For more options, visit this group at > > >http://groups.google.com/group/communityengine?hl=en. -- You received this message because you are subscribed to the Google Groups "CommunityEngine" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/communityengine?hl=en.
