开发者

Turn on html_safe for the entire app in Rails 3

开发者 https://www.devze.com 2023-01-19 10:22 出处:网络
Rails 3 turns off the html_safe option by default. I want to revert this thing. I have a rails 2.3.8 app getting converted to rails 3. Almost every page breaks because of the rails3 default html_safe

Rails 3 turns off the html_safe option by default. I want to revert this thing. I have a rails 2.3.8 app getting converted to rails 3. Almost every page breaks because of the rails3 default html_safe setting. Is there any way I can revert this to where it was in previous versions o开发者_如何学运维f rails ? Please help


No, there isn't and even if there is, you shouldn't.

It's a good habit to test (and update) your app using the rails_xss plugin in Rails 2.3.x before actually starting the conversion to Rails 3. Also, you should have a valid test suite in place so that every error will be spotted by the test suite and you can easily fix it.

Don't try to upgrade unless you have completed these two simple steps. There are also a few other suggestions.


As a side note: Current versions of Rails 3 HTML-escape also non-HTML templates, which is a bug. See: https://rails.lighthouseapp.com/projects/8994/tickets/4858

I'm posting this here, because I found this question while investigating the bug mentioned above, but didn't fine that ticket or anything about this bug on the interwebs. (Bad google skills?) Hope it saves someone time.

0

精彩评论

暂无评论...
验证码 换一张
取 消