aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSean Griffin <sean@thoughtbot.com>2014-11-24 14:07:27 -0700
committerSean Griffin <sean@thoughtbot.com>2014-11-24 14:09:00 -0700
commit0349516ddbb712680b1b47ef160206946252a2d3 (patch)
treecbcd70b9fc6d7621cbb36994bfed8ae49999e587
parent47728d53aa94b50297d38e4c15441ae12b6ca9f8 (diff)
downloadrails-0349516ddbb712680b1b47ef160206946252a2d3.tar.gz
rails-0349516ddbb712680b1b47ef160206946252a2d3.tar.bz2
rails-0349516ddbb712680b1b47ef160206946252a2d3.zip
Document `String#html_safe` [ci skip]
It should be part of the documented public API, since we have an entire section of the guides dedicated to it. Documented in a way that addresses the concerns which kept it undocumented in the past.
-rw-r--r--activesupport/lib/active_support/core_ext/string/output_safety.rb5
1 files changed, 5 insertions, 0 deletions
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb
index 042283e4fc..ba92afd5f4 100644
--- a/activesupport/lib/active_support/core_ext/string/output_safety.rb
+++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb
@@ -247,6 +247,11 @@ module ActiveSupport #:nodoc:
end
class String
+ # Marks a string as trusted safe. It will be inserted into HTML with no
+ # additional escaping performed. It is your responsibilty to ensure that the
+ # string contains no malicious content. This method is equivalent to the
+ # `raw` helper in views. It is recommended that you use `sanitize` instead of
+ # this method. It should never be called on user input.
def html_safe
ActiveSupport::SafeBuffer.new(self)
end