
#428 ✓invalid
Nataniel

db:fixtures:dump does not escape <%

Reported by Nataniel | June 16th, 2008 @ 10:58 AM

I have a model EmailTemplate and its email_templates db table:

    create_table :email_templates do |t|
      t.string :name, :limit => 100
      t.text :headers, :null => true
      t.text :body
    end

These templates basically hold views for ActionMailer (within the db instead of file because of editing via admin panel). So I use the Ruby code inside the body, like:

    Your e-mail is: <%= @user.email %>

When I dump the model (rake db:fixtures:dump MODEL=EmailTemplate), the code goes into the YML file without escaping:

    template_00002:
      name: xxxx
      body: "Your e-mail is: <%= @user.email %>,\r\n\
      (...)

This way the code gets executed while loading the fixture (rake db:fixtures:load FIXTURE=templates) instead of ActionMailer... The YML file should hold the data escaped:

    body: "Your e-mail is: <%%= @user.email %>,\r\n\
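The behaviour reported above, as an added example that is not part of the original ticket or of Rails: fixture text goes through ERB before YAML parsing, so a stored `<%=` is evaluated at load time unless the dump step writes it as `<%%`. The helper names (`escape_erb`, `dump_fixture`, `load_fixture`, `load_outcome`) are hypothetical and the sample row is constructed from the values in the report.

```ruby
require "erb"
require "yaml"

# Constructed sample row standing in for one email_templates record.
ROW = {
  "name" => "xxxx",
  "body" => "Your e-mail is: <%= @user.email %>,\r\n"
}

# Hypothetical helper: double the ERB opener so ERB emits a literal "<%".
def escape_erb(value)
  value.is_a?(String) ? value.gsub("<%", "<%%") : value
end

# Hypothetical dump step: serialize one record as a fixture entry.
def dump_fixture(label, row, escape:)
  row = row.transform_values { |v| escape_erb(v) } if escape
  { label => row }.to_yaml
end

# Load step: ERB runs over the file text first, then YAML parses the result.
def load_fixture(text)
  YAML.load(ERB.new(text).result(binding))
end

# Returns the loaded hash, or the exception class if the stored template
# was evaluated as Ruby during the ERB pass (@user is nil at load time).
def load_outcome(text)
  load_fixture(text)
rescue NameError => e
  e.class
end

if __FILE__ == $0
  raw     = dump_fixture("template_00002", ROW, escape: false)
  escaped = dump_fixture("template_00002", ROW, escape: true)
  puts "unescaped: #{load_outcome(raw).inspect}"
  puts "escaped:   #{load_outcome(escaped).inspect}"
end
```

The unescaped dump fails during the ERB pass because the template body is run as Ruby, while the escaped dump round-trips to the original row unchanged.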
