#simple_format is XSS-escaped #1194

skade opened this Issue Mar 27, 2013 · 1 comment



skade commented Mar 27, 2013

It most likely shouldn't.

Sorry for the brief ticket, I am on the run.



skade commented Mar 27, 2013

simple_format(...).html_safe helps.

@nesquena nesquena closed this in f408241 Mar 27, 2013

WaYdotNET added a commit to WaYdotNET/padrino-framework that referenced this issue Mar 28, 2013

Merge remote-tracking branch 'upstream/master' into all-custom-error
* upstream/master:
  Fix "bootstrap.min" path of production environment
  [helpers] Escape text before simple_format
  simple_format should be marked as html_safe (Closes padrino#1194)
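
The two referenced commits escape the text before formatting it and mark the result as html_safe. The Ruby sketch below is an added example, not Padrino's code, showing why both steps are needed and why the escape must come first. `SafeString`, `render`, `paragraphs` and the `format_*` helpers are hypothetical stand-ins, and the input is constructed.

```ruby
require 'cgi'

# Hypothetical stand-in for a safe buffer: a String flagged as safe to emit as-is.
class SafeString < String
  def html_safe?
    true
  end
end

# Stand-in for template auto-escaping: anything not flagged safe is escaped.
def render(value)
  if value.respond_to?(:html_safe?) && value.html_safe?
    value.to_s
  else
    CGI.escapeHTML(value.to_s)
  end
end

# Simplified paragraph formatter: blank lines split paragraphs, single
# newlines become <br />. It performs no escaping of its own.
def paragraphs(text)
  text.to_s.gsub(/\r\n?/, "\n").split(/\n{2,}/).map do |para|
    "<p>#{para.gsub("\n", "<br />\n")}</p>"
  end.join("\n\n")
end

# Reported symptom: the result is not flagged, so the helper's own <p> and
# <br /> tags are escaped at render time.
def format_unflagged(text)
  paragraphs(text)
end

# Flagging raw input as safe: the helper's markup survives, and so does any
# markup the user supplied.
def format_flagged_raw(text)
  SafeString.new(paragraphs(text))
end

# Escape the user text first, then add markup, then flag the result as safe.
def format_escaped(text)
  SafeString.new(paragraphs(CGI.escapeHTML(text.to_s)))
end

# Constructed sample input
SAMPLE = "Hi\nthere\n\n<script>alert(1)</script>"
```

Only `format_escaped` renders the helper's tags as markup while keeping the user-supplied tag inert.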