[Rails3] Default escaping in views

presidentbeef · May 12, 2011 · 186834d · 186834d
1 parent 8ec5edb
commit 186834d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/lib/scanner.rb b/lib/scanner.rb
@@ -53,7 +53,7 @@ def process_config
       @processor.process_config(RubyParser.new.parse(File.read("#@path/config/gems.rb")))
     end
 
-    if File.exists? "#@path/vendor/plugins/rails_xss"
+    if File.exists? "#@path/vendor/plugins/rails_xss" or OPTIONS[:rails3]
       tracker.config[:escape_html] = true
       warn "[Notice] Escaping HTML by default"
     end