> I'm the maintainer of Haml, and I've been hearing all about the new
> on-by-default XSS protection stuff. I'm wondering what your plan for
> compatibility with alternate templating engines is. I'd really
> appreciate not having to come up with all sorts of alternate
> compilation paths for Rails code with XSS protection enabled - this
> would make the code much more brittle, and apt to break in odd
> Rails-specific ways that will be hard for users to understand and hard
> for me to track down.

Your templating engine should continue to work 100% without any errors. The 'escape-me' behaviour is limited to the erb template handler (builder already does this obviously). If you *want* on by default escaping you'll just need to work with an ActionView::SafeBuffer instead of a string.

The only surprise you could get is if you use with_output_buffer and *don't* pass it a buffer, in that case it'll now default to a safe buffer.

> - Nathan Weizenbaum

--
Cheers
Koz
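
The difference between rendering into a plain string and into a safe buffer, as an added example that is not part of the original thread and is not Rails code. `MiniSafeBuffer` and `render` are hypothetical stand-ins written for this illustration; they only model the escape-on-append idea described above, not the real `ActionView::SafeBuffer` implementation.

```ruby
# Hypothetical stand-in for the safe-buffer idea; NOT Rails' ActionView::SafeBuffer.
class MiniSafeBuffer < String
  ESCAPES = {
    '&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;'
  }.freeze

  def self.escape(value)
    value.to_s.gsub(/[&<>"']/) { |c| ESCAPES[c] }
  end

  # Anything appended is escaped unless it is itself a safe buffer.
  def concat(value)
    super(value.is_a?(MiniSafeBuffer) ? value : self.class.escape(value))
  end

  def <<(value)
    concat(value)
  end
end

# Hypothetical mini template engine: a line starting with "= " emits the named
# local, every other line is the engine's own static markup.
def render(template, locals, buffer)
  template.each_line do |line|
    line = line.chomp
    if line.start_with?('= ')
      buffer << locals.fetch(line[2..-1].to_sym) # dynamic value, trust unknown
    else
      buffer << MiniSafeBuffer.new(line)         # static markup, marked safe
    end
  end
  buffer
end

# Constructed sample input.
TEMPLATE = "<p>\n= comment\n</p>"
UNTRUSTED = { comment: '<script>alert(1)</script>' }
PRE_ESCAPED = { comment: MiniSafeBuffer.new('<b>ok</b>') }

# Engine unchanged, plain String buffer: output is exactly what it was before.
plain = render(TEMPLATE, UNTRUSTED, String.new)
# Engine opts in by handing over a safe buffer: dynamic values get escaped.
safe = render(TEMPLATE, UNTRUSTED, MiniSafeBuffer.new)
# Values already marked safe pass through the safe buffer untouched.
trusted = render(TEMPLATE, PRE_ESCAPED, MiniSafeBuffer.new)

puts plain, safe, trusted
```

The engine code is identical in all three calls; only the buffer object it is given decides whether dynamic values are escaped.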