This project is archived and is in readonly mode.

#3767 ✓committed
Adam McCrea

[PATCH] simple_format output should not be HTML-escaped in Rails 3

Reported by Adam McCrea | January 21st, 2010 @ 06:20 PM | in 2.3.6

Since the default behavior of Rails 3 is to escape all Ruby strings in HTML, we're forced to use raw() on simple_format() to get it behaving as expected. IMO, since the purpose of simple_format is to inject HTML into a string, it should also take care to prevent that HTML from being escaped.

Likewise, I think simple_format() should automatically escape the string that is passed to it. This seems to go along with the Rails 3 assumption that no string is safe unless explicitly stated.

Separate patches are attached for each of these changes.
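The two changes requested above can be seen side by side in the sketch below. It is an added illustration, not part of the ticket or its attached patches, and it uses plain Ruby rather than Rails. `SafeString`, `render_in_view`, `wrap_paragraphs` and the `format_*` helpers are hypothetical stand-ins for the safe-string marker, the template's auto-escaping and `simple_format()`.

```ruby
# Added illustration; plain Ruby, no Rails. All names here are hypothetical.
HTML_ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
                 '"' => "&quot;", "'" => "&#39;" }.freeze

def h(text)
  text.to_s.gsub(/[&<>"']/, HTML_ESCAPES)
end

# Stand-in for a string the view layer trusts (what raw() produces in Rails 3).
class SafeString < String
  def html_safe?
    true
  end
end

# Stand-in for Rails 3 template output: escape everything not marked safe.
def render_in_view(value)
  safe = value.respond_to?(:html_safe?) && value.html_safe?
  safe ? value.to_s : h(value)
end

# Simplified paragraph/line-break markup, not the Rails implementation.
def wrap_paragraphs(text)
  body = text.gsub(/\r\n?/, "\n")
             .gsub(/\n\n+/, "</p>\n\n<p>")
             .gsub(/([^\n])\n(?=[^\n])/, "\\1<br />")
  "<p>#{body}</p>"
end

# Behaviour the ticket describes: markup added, result is an ordinary String.
def format_unmarked(text)
  wrap_paragraphs(text)
end

# Workaround the ticket describes: caller wraps the result to stop escaping.
def format_raw(text)
  SafeString.new(wrap_paragraphs(text))
end

# Behaviour the ticket proposes: escape input, add markup, mark result safe.
def format_proposed(text)
  SafeString.new(wrap_paragraphs(h(text)))
end

SAMPLE = "a <b>\nb\n\nc" # constructed input
```

Rendering `format_unmarked(SAMPLE)` shows the helper's own tags as literal text, `format_raw(SAMPLE)` lets the caller-supplied `<b>` through as live markup, and only `format_proposed(SAMPLE)` yields working paragraphs with the input escaped.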


<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
