Skip to content
Browse files

Active Support Core Extensions guide: reworded "on one hand" and simi…

…lar to "for one thing"
  • Loading branch information...
1 parent 8bf97d1 commit 504e539166ab3528e6377ae8bcf5ddacb3572729 @roryokane roryokane committed Apr 26, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 guides/source/active_support_core_extensions.textile
View
2 guides/source/active_support_core_extensions.textile
@@ -1131,7 +1131,7 @@ h4. Output Safety
h5. Motivation
-Inserting data into HTML templates needs extra care. For example you can't just interpolate +@review.title+ verbatim into an HTML page. On one hand if the review title is "Flanagan & Matz rules!" the output won't be well-formed because an ampersand has to be escaped as "&". On the other hand, depending on the application that may be a big security hole because users can inject malicious HTML setting a hand-crafted review title. Check out the "section about cross-site scripting in the Security guide":security.html#cross-site-scripting-xss for further information about the risks.
+Inserting data into HTML templates needs extra care. For example, you can't just interpolate +@review.title+ verbatim into an HTML page. For one thing, if the review title is "Flanagan & Matz rules!" the output won't be well-formed because an ampersand has to be escaped as "&". What's more, depending on the application, that may be a big security hole because users can inject malicious HTML setting a hand-crafted review title. Check out the "section about cross-site scripting in the Security guide":security.html#cross-site-scripting-xss for further information about the risks.
h5. Safe Strings

0 comments on commit 504e539

Please sign in to comment.
Something went wrong with that request. Please try again.