Convert html entities? Just use html_safe?


Linus Pettersson

Dec 18, 2011, 5:50:29 PM12/18/11
to rubyonra...@googlegroups.com
Hi!

I'm importing lots of products via XML. Some characters like the Swedish å, ä, ö are encoded as å for instance. When I print it I just append .html_safe to make it appear correct.

Is this a good and safe approach or should I convert the characters in some other way?

jsnark

Dec 27, 2011, 10:59:51 AM12/27/11
to Ruby on Rails: Talk
It depends.

If the strings are entered by the user you should stay away from using html_safe because you open your application to HTML injection attacks.

If the strings come from a trusted source, it is OK to use html_safe.

On Dec 18, 5:50 pm, Linus Pettersson <linus.petters...@gmail.com> wrote:
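Added example (not code from either poster) contrasting the two approaches in plain Ruby: decoding the entities once at import with CGI.unescapeHTML and letting the view escape the result, versus emitting the stored string unescaped, which is what html_safe does. The sample records and the helper names are constructed; render_html_safe stands in for Rails' html_safe, which is not in the standard library.

```ruby
require 'cgi'
require 'erb'

# Constructed sample of imported XML product names. The feed encodes the
# Swedish letters as numeric entities; the second record is an untrusted
# entry that carries markup.
IMPORTED_NAMES = [
  "Sm&#229;kakor med &#228;pple",          # trusted-looking product name
  "Br&#246;d <script>alert(1)</script>",   # constructed untrusted record
].freeze

# The approach from the question: keep the entity-encoded string and mark it
# html_safe in the view. Outside Rails there is no html_safe, so this helper
# models it: the stored string reaches the page with no escaping at all.
def render_html_safe(stored)
  stored
end

# Alternative: decode the entities once, on import, so the database holds
# plain UTF-8 text. Note that CGI.unescapeHTML only handles numeric entities
# plus amp/lt/gt/quot/apos; a feed that uses named entities such as &aring;
# needs a fuller decoder (for example the htmlentities gem).
def decode_on_import(raw)
  CGI.unescapeHTML(raw)
end

# ...and let the view escape it like any other string, which is what ERB and
# Rails do by default when html_safe is not called. Non-ASCII letters pass
# through untouched, while < > & " ' are neutralised.
def render_escaped(stored)
  ERB::Util.html_escape(stored)
end

# Runs both pipelines over the sample feed so the difference is visible.
def compare_pipelines(names = IMPORTED_NAMES)
  names.map do |raw|
    {
      html_safe: render_html_safe(raw),
      decoded_then_escaped: render_escaped(decode_on_import(raw)),
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_pipelines.each { |row| p row }
end
```

The second row shows the trade-off: with html_safe the script tag reaches the browser intact, while decode-then-escape renders "Bröd" correctly and leaves the markup as harmless text.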