07 Jun '14, 12pm

@tenderlove html_safe? does not say whether the string has been escaped, see how the AS guide words it:

Inserting data into HTML templates needs extra care. For example, you can't just interpolate @review.title verbatim into an HTML page. For one thing, if the review title is "Flanagan & Matz rules!" the output won't be well-formed because an ampersand has to be escaped as "&amp;amp;". What's more, depending on the application, that may be a big security hole because users can inject malicious HTML setting a hand-crafted review title. Check out the section about cross-site scripting in the Security guide for further information about the risks.

Full article: http://guides.rubyonrails.org/active_support_core_extensi...

Tweets

The Absurd Legalism of Gender Roles: Exhibit C – “As long as I can’t see her…” Rachel Held Evans

rachelheldevans.com 07 Jun '14, 1pm

Exhibit A: The black belt should step aside (because she’s a girl!) Exhibit B: Boys playing with dolls unravels the moral ...

Mizuno Brand Guide

runningshoesguru.com 05 Jun '14, 8pm

“Never settle”: that is Mizuno’s motto. It sums up Mizuno’s approach to running shoes. They constantly seek to improve the...

Thank you #Rails truncate!

api.rubyonrails.org 12 Jun '14, 12am

Highlights one or more phrases everywhere in text by inserting it into a :highlighter string. The highlighter can be speci...

TGIF!: Your weekend guide (6-8 June 2014)

events.insing.com 06 Jun '14, 7am

Now that the June holidays have rolled round, we understand how difficult it might be to keep your little tykes occupied. ...

@stealing_fat there's no link, but there is a guide! :)

edgeguides.rubyonrails.org 29 May '14, 8pm

Active Support is a part of core Rails that provides Ruby language extensions, utilities and other things. One of the thin...