
Did you forget about the always-on XSS escaping? Fixing just that took me more than a week on a large project. (I still think there should have been an option to switch it off for old projects.)


Oh yeah, I don't remember it being THAT bad with haml. I think it was mostly just adding .html_safe in some helpers, but I could be misremembering.



