diff options
| author | Sean Griffin <sean@thoughtbot.com> | 2014-11-24 14:07:27 -0700 |
|---|---|---|
| committer | Sean Griffin <sean@thoughtbot.com> | 2014-11-24 14:09:00 -0700 |
| commit | 0349516ddbb712680b1b47ef160206946252a2d3 (patch) | |
| tree | cbcd70b9fc6d7621cbb36994bfed8ae49999e587 /activesupport/lib | |
| parent | 47728d53aa94b50297d38e4c15441ae12b6ca9f8 (diff) | |
| download | rails-0349516ddbb712680b1b47ef160206946252a2d3.tar.gz rails-0349516ddbb712680b1b47ef160206946252a2d3.tar.bz2 rails-0349516ddbb712680b1b47ef160206946252a2d3.zip | |
Document `String#html_safe` [ci skip]
It should be part of the documented public API, since we have an entire
section of the guides dedicated to it. Documented in a way that
addresses the concerns which kept it undocumented in the past.
Diffstat (limited to 'activesupport/lib')
| -rw-r--r-- | activesupport/lib/active_support/core_ext/string/output_safety.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index 042283e4fc..ba92afd5f4 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -247,6 +247,11 @@ module ActiveSupport #:nodoc: end class String + # Marks a string as trusted safe. It will be inserted into HTML with no + # additional escaping performed. It is your responsibilty to ensure that the + # string contains no malicious content. This method is equivalent to the + # `raw` helper in views. It is recommended that you use `sanitize` instead of + # this method. It should never be called on user input. def html_safe ActiveSupport::SafeBuffer.new(self) end |