This project is archived and is in readonly mode.

#428 ✓invalid

db:fixtures:dump does not escape <%

Reported by Nataniel | June 16th, 2008 @ 10:58 AM

I have a model EmailTemplate and its email_templates db table:

    create_table :email_templates do |t|
      t.string :name, :limit => 100
      t.text :headers, :null => true
      t.text :body
    end

These templates basically hold views for ActionMailer (in the db instead of a file, because they are edited via the admin panel). So I use Ruby code inside the body, like:

    Your e-mail is: <%= %>

When I dump the model (rake db:fixtures:dump MODEL=EmailTemplate), the code goes into the YML file without escaping:


    name: xxxx
    body: "Your e-mail is: <%= %>,\r\n\


This way the code gets executed while loading the fixture (rake db:fixtures:load FIXTURE=templates) instead of by ActionMailer... The YML file should hold the data escaped:

    body: "Your e-mail is: <%%= %>,\r\n\
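The behaviour reported above, as an added example that is not part of the original ticket or of any Rails or plugin code: fixture files are run through ERB before YAML parsing, so stored template code only survives the round trip if the dump doubles the percent sign. The helper names and the sample record (including the expressions inside the tags, which the ticket leaves empty) are constructed for illustration.

```ruby
require "erb"
require "yaml"

# Escape ERB opening tags so a later ERB pass emits them literally.
# ERB turns "<%%" into a literal "<%"; a closing "%>" outside a tag
# is already plain text, so only the opening tag needs doubling.
def escape_erb(text)
  text.gsub("<%", "<%%")
end

# Hypothetical dumper: serialize one record to fixture-style YAML,
# escaping ERB in every string column unless escape is false.
def dump_fixture(label, attrs, escape: true)
  safe = attrs.transform_values do |v|
    v.is_a?(String) && escape ? escape_erb(v) : v
  end
  { label => safe }.to_yaml
end

# Mimics the load path: ERB is evaluated first, then the YAML is parsed.
def load_fixture(yaml_text)
  YAML.safe_load(ERB.new(yaml_text).result)
end

# Constructed sample record; the tag contents are assumptions.
RECORD = {
  "name" => "welcome",
  "body" => "Your e-mail is: <%= @email %>,\r\nTotal: <%= 1 + 1 %>"
}.freeze

if __FILE__ == $PROGRAM_NAME
  unescaped = load_fixture(dump_fixture("welcome", RECORD, escape: false))
  escaped   = load_fixture(dump_fixture("welcome", RECORD))
  puts "unescaped dump loads as: #{unescaped['welcome']['body'].inspect}"
  puts "escaped dump loads as:   #{escaped['welcome']['body'].inspect}"
end
```

The unescaped dump shows the stored code being evaluated at load time; the escaped dump returns the column exactly as it was stored.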
