Caching doesn't escape loaded values from cache store

[Imomoi]

In Rails 3.2.1 cells doesn't escape cached values after reading them from database.

Our workaround for this issue is config/initializers/cells_fix.rb:

Cell::Base.class_eval do
  def render_state(state, *args)
    rendered_state = super(state, *args)
    return rendered_state.html_safe if rendered_state.respond_to?(:html_safe)
    rendered_state
  end
end

[apotonick]

Huh? Does that appear in a cached scenario, only? Why isn't the cached view escaped already, then?

[Imomoi]

It's appear only when cell is loaded from cache. When cell renders without cache all works correctly.

In Rails they do safe_concat after getting value from cache: https://github.com/rails/rails/blob/master/actionpack/lib/action_view/helpers/cache_helper.rb#L36

[apotonick]

But... the cached view should be escaped already. They (the Rails core) change this every other week. Did that work for you in Rails 3.0 and 3.1?

[Imomoi]

hm, dunno. We are using caching since Rails 3.2 only.

[apotonick]

I close this because we don't do escaping anymore in Cells 4 - only for defined properties, which should make this issue obsolete.