…lity with Rails 3.
This consists of:

* String#html_safe! a method to mark a string as 'safe'
* ActionView::SafeBuffer a string subclass which escapes anything unsafe which is concatenated to it
* Calls to String#html_safe! throughout the rails helpers
* a 'raw' helper which lets you concatenate trusted HTML from non-safety-aware sources (e.g. presanitized strings in the DB)

Note, this does *not* give you on-by-default XSS escaping in 2.3 applications. To get that you'll need to install a plugin: http://github.com/nzkoz/rails_xss
…tant so ActionView can be used standalone
…ed markup. Signed-off-by: Michael Koziarski <firstname.lastname@example.org> [#166 state:resolved]
… them out with custom implementations. Closes #10129. [rick] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@8213 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
…] Changed SanitizeHelper#sanitize to only allow the custom attributes and tags when specified in the call [DHH] git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@7825 5ecf4fe2-1ee6-0310-87b1-e25e094e27de