Please sign in to comment.
truncate() should not try to produce HTML-safe output
As discussed in Lighthouse ticket #4825 and ticket #4878, the truncate() method cannot guarantee safe output for all possible inputs/offsets, so it is best to leave the output unsafe so that it gets escaped when used in a view. Signed-off-by: Santiago Pastorino <firstname.lastname@example.org> Signed-off-by: David Heinemeier Hansson <email@example.com>
- Loading branch information...
Showing with 8 additions and 22 deletions.