




























Last month on the Rails core mailing list, a thread popped up (that went on and on) wherein the idea was proposed that rhtml templates should automatically sanitize output by default. After much back and forth, David suggested those in favor redirect their energies toward a working plugin.
Enter stage left, Erubis. It’s a customized implementation of eRuby that provides a handful of features, notably that <%= %> tags automatically sanitize output. You use <%== %> if you don’t want to sanitize the output. For all those who wish rhtml files were sanitized by default, here is your solution.
Configure your Rails apps to use Erubis templates with ActionView::Base::register_template_handler.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。