I am upgrading a Rail 3 application and for some reason the line
<%= javascript_include_tag :defaults %>开发者_如何学Go;
produces
<script src="/javascripts/prototype.js?1292866092" type="text/javascript"></script>
<script src="/javascripts/effects.js?1292866092" type="text/javascript"></script>
<script src="/javascripts/dragdrop.js?1292866092" type="text/javascript"></script>
<script src="/javascripts/controls.js?1292866092" type="text/javascript"></script>
<script src="/javascripts/rails.js?1292866092" type="text/javascript"></script>
<script src="/javascripts/application.js?1292608980" type="text/javascript"></script>
Adding a 'raw' infront of the tag works but I'm trying to figure out the real reason why it is doing this. The stylesheet tag above it works fine. I'm confused. Any help?
The culprit was a plugin (semantic_form_builder) that overrides the default rails helpers. I don't think there is an update for it although it shouldn't take much to make it rails3 compatible.
I hope to move to simple_form in the future anyway.
Rails 3 automatically escapes html for Xss protection instead of <%= h .. %> which was used in Rails 2.x.
Learn more about it http://railscasts.com/episodes/204-xss-protection-in-rails-3
精彩评论