[Rails-core] Default <%= to use the h (html safe) method.

David Heinemeier Hansson david.heinemeier at gmail.com
Sun Feb 12 16:06:32 GMT 2006


Allow me to chime in with the fact that this would work poorly for
applications that actually allow user-inputted HTML, such as Basecamp.
I would not want to do <%=unescape_h on all of my outputs to negate
the effects of this.

But as others have suggested, plugins are a great way of changing
Rails in ways specific to your environment. If you feel that =h is a
major burden, then rock on with that plugin. It's a great way of
sharing extensions that are not suited for "most people, most of the
time".
--
David Heinemeier Hansson
http://www.loudthinking.com -- Broadcasting Brain
http://www.basecamphq.com   -- Online project management
http://www.backpackit.com   -- Personal information manager
http://www.rubyonrails.com  -- Web-application framework
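The escape-by-default behaviour under discussion, as an added illustration in plain Ruby that is not part of this thread or of Rails itself: `<%=` output is routed through an escaping helper, and a value reaches the page unescaped only when the application has explicitly marked it as trusted markup, which is the per-value opt-out for apps that accept user HTML rather than an unescape call on every output (the names `TrustedHtml`, `trusted`, `safe_h` and `render_escaped` are assumptions of this example).

```ruby
require "erb"

# Marker for markup the application itself produced or has already
# sanitized; anything not wrapped in it is escaped on output.
class TrustedHtml < String
  def html_safe?
    true
  end
end

def trusted(markup)
  TrustedHtml.new(markup)
end

# Escape-by-default replacement for h: trusted markup passes through
# untouched, everything else goes through ERB::Util.html_escape.
def safe_h(value)
  return value.to_s if value.respond_to?(:html_safe?) && value.html_safe?
  ERB::Util.html_escape(value.to_s)
end

# Render an ERB template with every <%= ... %> rewritten to <%= safe_h(...) %>,
# so escaping is the default rather than something each view must remember.
# (Assumes an output tag does not itself contain the sequence "%>".)
def render_escaped(template, locals)
  rewritten = template.gsub(/<%=(.*?)%>/m) { "<%= safe_h(#{$1.strip}) %>" }
  ERB.new(rewritten).result_with_hash(locals)
end

# Constructed sample: a comment view where the author link is markup the
# application built itself and the comment body is raw user input.
SAMPLE_TEMPLATE = "<p><%= author %> wrote:</p><div><%= body %></div>"

def render_sample
  render_escaped(
    SAMPLE_TEMPLATE,
    author: trusted('<a href="/people/1">dhh</a>'),  # app-generated, kept
    body: "<i>hi</i> & <script>x</script>"           # user input, escaped
  )
end

# Why a marker beats wrapping outputs in an unescape call: escaping a
# string that was already escaped mangles it (double escaping).
def double_escape_example
  safe_h(ERB::Util.html_escape("Fish & Chips"))
end

if $PROGRAM_NAME == __FILE__
  puts render_sample
  puts double_escape_example
end
```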

