effect, to watch out for the fact that it is not idempotent.
It is still quite possible to output 2<4, 2<4 or 2&lt;4. Choose between:
On Tue, Dec 22, 2009 at 1:15 PM, Andy Peterson <a...@carbonfive.com> wrote:
> Since you're asking,
> I would prefer to work on muting the warning rather than having the h
> routine not do what it is told.
> My reasoning is that trying to make an encoding method idempotent doesn't
> really seem feasible. Without some additional metadata, it doesn't know
> whether the text it was given was encoded yet... then it starts making
> heuristic guesses which are harder for programmers to reason about and use.
> Sometimes I want 2<4, sometimes 2<4, and sometimes even 2&lt;4.
> Andy
> On Tue, Dec 22, 2009 at 10:36 AM, John Firebaugh <john.fireba...@gmail.com> wrote:
>> > It's on the "output" branch but I'd like to get some resolution on the
>> > Rails issues from the other thread so we can get this stuff onto the
>> > main branch.
>> Working on it.
>> Would anyone object to changing Widget#h to be idempotent, i.e.
>> h(text) returns raw(text.html_escape), and h(h(text)) doesn't
>> double-escape? It would make integrating with rails output safety
>> easier, would match the behavior of ERB::Util.h in rails 3.0 and
>> 2.3+rails_xss plugin, and we could remove this warning:
>> # Note that the #text method automatically HTML-escapes
>> # its parameter, so be careful *not* to do something like
>> text(h("2<4"))
>> # since that will double-escape the less-than sign (you'll get
>> # "2&lt;4" instead of "2<4").
> --
> Andy Peterson | Carbon Five | 415.546.0500 x17 |
> mailto:a...@carbonfive.com
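To make the two positions in the thread concrete, here is an added example (not Erector's or Rails' own code) of the `raw(text.html_escape)` style of idempotent `h` that John proposes, next to a marker-less `h_heuristic` that guesses from the text alone, which is the kind of guessing Andy objects to. `SafeString`, `html_escape` and `h_heuristic` are names assumed for this illustration; the behaviour of `raw` and `h` follows the thread's description.

```ruby
# Added example, not Erector's code: escaping made idempotent with a
# marker type (the approach rails_xss takes), beside a heuristic version
# that tries to infer "already escaped" from the text itself.

# Hypothetical marker: a String subclass recording "already escaped".
class SafeString < String
  def html_safe?
    true
  end
end

class String
  def html_safe?
    false
  end
end

ESCAPES = { "&" => "&amp;", "<" => "&lt;", ">" => "&gt;",
            '"' => "&quot;", "'" => "&#39;" }.freeze

# Escape the HTML metacharacters; always returns a plain String, so
# calling it directly still lets you double-escape on purpose.
def html_escape(text)
  text.to_s.gsub(/[&<>"']/) { |c| ESCAPES[c] }
end

# Wrap already-escaped markup so later calls to h leave it alone.
def raw(text)
  SafeString.new(text.to_s)
end

# Idempotent h: escape only strings that are not marked safe.
# h(h(text)) == h(text) because the marker carries the metadata.
def h(text)
  text.html_safe? ? text : raw(html_escape(text))
end

# Heuristic h, no marker: assumes anything containing an entity was
# already escaped. It cannot tell "2&lt;4" meant as literal text from
# "2<4" that was escaped earlier, so it leaves the former unescaped.
def h_heuristic(text)
  text =~ /&(?:[a-z]+|#\d+);/i ? text : html_escape(text)
end
```

With the marker, `h("2&lt;4")` escapes to `2&amp;lt;4` (the browser shows the literal text), while `h_heuristic("2&lt;4")` returns it unchanged and the browser renders `2<4` instead.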