This project is archived and is in readonly mode.

#3535 ✓committed
Mathieu Arnold

New XSS protections breaks yaml

Reported by Mathieu Arnold | December 2nd, 2009 @ 02:17 PM | in 2.3.6

This is correct :

 >> ('foo' + 'baar').to_yaml
 => "--- foobaar\n"

This, on the other hand, feels way wrong :

 >> ('foo' << 'baar').to_yaml
 => "--- !str \nstr: foobaar\n"@_rails_html_safe": false\n"

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

Tags

Referenced by

Pages