Amended json_escape comments #14028

merged 1 commit into from Feb 6, 2015

4 participants


As it stands, the security of json_escape is a bit misleading. Clarifying that user-generated content must still be html_escaped if being inserted into the DOM via JQuery's html() method, since this is such a common use case.

Described here: #13073 (comment)
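
The gap this PR documents, as an added Ruby example (not code from the PR or from Rails). `json_escape_standin` is a hypothetical stdlib-only stand-in that assumes the same character set as Rails' `json_escape`, and the comment string is constructed. The escaped literal is safe to embed in a script block, yet it decodes back to raw markup, which is what jQuery's `html()` would receive.

```ruby
require "json"
require "erb"

# Hypothetical stand-in for Rails' json_escape, assuming it rewrites the same
# characters (&, <, >, U+2028, U+2029) as \uXXXX escapes inside a JSON string.
JSON_ESCAPES = {
  "&" => '\u0026', "<" => '\u003c', ">" => '\u003e',
  "\u2028" => '\u2028', "\u2029" => '\u2029'
}.freeze

def json_escape_standin(json)
  json.gsub(/[&<>\u2028\u2029]/) { |ch| JSON_ESCAPES.fetch(ch) }
end

# Server side: the literal a view would place inside a <script> block.
def embed_for_script(data)
  json_escape_standin(data.to_json)
end

# Client side: the string value JavaScript holds after evaluating that literal.
def decoded_comment(literal)
  JSON.parse(literal).fetch("comment")
end

# Constructed sample of user-generated content.
USER_COMMENT = "</script><b>injected markup</b>"

# json_escape only: no raw "<" in the page source, so the script block cannot
# be closed early, but the decoded value is the original markup again.
unescaped = embed_for_script({ comment: USER_COMMENT })
puts unescaped
puts decoded_comment(unescaped)

# html_escape first, then json_escape: the decoded value is inert text, which
# is what must reach html().
escaped = embed_for_script({ comment: ERB::Util.html_escape(USER_COMMENT) })
puts escaped
puts decoded_comment(escaped)
```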

@uberllama uberllama Amended json_escape comment to clarify that user-generated content must still be html_escaped if being inserted into the DOM via JQuery's html() method.
Ruby on Rails member
senny commented Feb 12, 2014
@chancancode chancancode self-assigned this Mar 13, 2014
@chancancode chancancode added JRuby and removed JRuby labels Jun 26, 2014
@rafaelfranca rafaelfranca merged commit de9313c into rails:master Feb 6, 2015

1 check failed

default: The Travis CI build failed