Yeah. This is one of the example of things that were supposed to be implementation detail and became a widely used method, just like `arel_table`. It is not that you can't use it at all, but that you should be very careful when using it. Like I said almost 90% of its usages can be avoided using `sanitize` or the proper tag helpers.
I agree we should improve the education about this subject. On Fri Feb 06 2015 at 2:02:20 PM George Millo <georgejulianmi...@gmail.com> wrote: > I didn't realise I wasn't supposed to be using html_safe. Perhaps the > documentation should be updated to make this clearer? > > On 6 February 2015 at 16:50, Rafael Mendonça França < > rafaelmfra...@gmail.com> wrote: > >> Renaming this method is not an option. >> >> The main reason is: it should not be used by end users. It is an >> implementation detail of the framework and although it is exposed to the >> users we don't recommend to use it directly. >> >> So when Andrew said "we should rename it to something even longer so >> that people don't use it" it was a joke, but just a half joke. We really >> don't want to people to use it. >> >> Almost 90% of the cases that people use `html_safe` what they really >> wanted is `sanitize`. Also, some day HTML escaping implementation could >> change `html_safe` be completely gone. >> >> This is why we have the `raw` method, to expose a public API to disable >> the HTML escaping without exposing the implementation detail. >> >> So I don't think we should rename an "internal" method to make it >> explicit to end users. >> > >> On Fri Feb 06 2015 at 1:41:36 PM Ufuk Kayserilioglu <u...@paralaus.com> >> wrote: >> >>> IMHO, the target audience is largely an irrelevant concern. The more >>> important concept is making users fall into the "pit >>> <http://blog.codinghorror.com/falling-into-the-pit-of-success/> of >>> success <http://blogs.msdn.com/b/brada/archive/2003/10/02/50420.aspx>". >>> In that light, the proposed renaming makes sense. >>> >>> Don't forget, the clearer the intention of the method the better it is >>> for both novice and experienced programmers. >>> >>> -- >>> Ufuk Kayserilioglu >>> >>> >>> On 6 February 2015 at 17:24:17, Nicolas Cavigneaux (n...@bounga.org) >>> wrote: >>> >>> Le 6 févr. 2015 à 16:21, Jason Fleetwood-Boldt a écrit : >>> >>> > >>> > Is Rails' API coded for the neophyte or the experienced dev? >>> > >>> > The eternal question. >>> >>> For people who know how to read basic, essential doc and well documented >>> stuff? >>> >>> -- >>> Nicolas Cavigneaux >>> www.bounga.org >>> www.cavigneaux.net >>> >>> >>> >>> >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ruby on Rails: Core" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to rubyonrails-core+unsubscr...@googlegroups.com. >>> To post to this group, send email to rubyonrails-core@googlegroups.com. >>> Visit this group at http://groups.google.com/group/rubyonrails-core. >>> For more options, visit https://groups.google.com/d/optout. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "Ruby on Rails: Core" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to rubyonrails-core+unsubscr...@googlegroups.com. >>> To post to this group, send email to rubyonrails-core@googlegroups.com. >>> Visit this group at http://groups.google.com/group/rubyonrails-core. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> > You received this message because you are subscribed to a topic in the >> Google Groups "Ruby on Rails: Core" group. >> To unsubscribe from this topic, visit >> https://groups.google.com/d/topic/rubyonrails-core/T9N5wexIg80/unsubscribe >> . >> To unsubscribe from this group and all its topics, send an email to >> rubyonrails-core+unsubscr...@googlegroups.com. >> > >> To post to this group, send email to rubyonrails-core@googlegroups.com. >> Visit this group at http://groups.google.com/group/rubyonrails-core. >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to the Google Groups > "Ruby on Rails: Core" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to rubyonrails-core+unsubscr...@googlegroups.com. > To post to this group, send email to rubyonrails-core@googlegroups.com. > Visit this group at http://groups.google.com/group/rubyonrails-core. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To unsubscribe from this group and stop receiving emails from it, send an email to rubyonrails-core+unsubscr...@googlegroups.com. To post to this group, send email to rubyonrails-core@googlegroups.com. Visit this group at http://groups.google.com/group/rubyonrails-core. For more options, visit https://groups.google.com/d/optout.