diff options
| author | Prem Sichanugrist <s@sikachu.com> | 2012-09-02 01:08:20 -0400 |
|---|---|---|
| committer | Prem Sichanugrist <s@sikac.hu> | 2012-09-17 15:54:23 -0400 |
| commit | 9873dd800b77105fe17f583f0d036240ef334826 (patch) | |
| tree | f78fc11a0064b1825484744511f399b2b5f5a439 /guides/source/active_support_core_extensions.md | |
| parent | 31ef4cf656785a190723d2d8fb4c0fd06f4009bc (diff) | |
| download | rails-9873dd800b77105fe17f583f0d036240ef334826.tar.gz rails-9873dd800b77105fe17f583f0d036240ef334826.tar.bz2 rails-9873dd800b77105fe17f583f0d036240ef334826.zip | |
Convert all the links into Markdown format
Diffstat (limited to 'guides/source/active_support_core_extensions.md')
| -rw-r--r-- | guides/source/active_support_core_extensions.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/guides/source/active_support_core_extensions.md b/guides/source/active_support_core_extensions.md index 226ff67ff7..4a0e172115 100644 --- a/guides/source/active_support_core_extensions.md +++ b/guides/source/active_support_core_extensions.md @@ -610,7 +610,7 @@ NOTE: Defined in `active_support/core_ext/module/attr_internal.rb`. #### Module Attributes -The macros `mattr_reader`, `mattr_writer`, and `mattr_accessor` are analogous to the `cattr_*` macros defined for class. Check "Class Attributes":#class-attributes. +The macros `mattr_reader`, `mattr_writer`, and `mattr_accessor` are analogous to the `cattr_*` macros defined for class. Check [Class Attributes](#class-attributes). For example, the dependencies mechanism uses them: @@ -1151,7 +1151,7 @@ Extensions to `String` #### Motivation -Inserting data into HTML templates needs extra care. For example, you can't just interpolate `@review.title` verbatim into an HTML page. For one thing, if the review title is "Flanagan & Matz rules!" the output won't be well-formed because an ampersand has to be escaped as "&amp;". What's more, depending on the application, that may be a big security hole because users can inject malicious HTML setting a hand-crafted review title. Check out the "section about cross-site scripting in the Security guide":security.html#cross-site-scripting-xss for further information about the risks. +Inserting data into HTML templates needs extra care. For example, you can't just interpolate `@review.title` verbatim into an HTML page. For one thing, if the review title is "Flanagan & Matz rules!" the output won't be well-formed because an ampersand has to be escaped as "&amp;". What's more, depending on the application, that may be a big security hole because users can inject malicious HTML setting a hand-crafted review title. Check out the "section about cross-site scripting in the [Security guide](security.html#cross-site-scripting-xss) for further information about the risks. #### Safe Strings |