From 5f189f41258b83d49012ec5a0678d827327e7543 Mon Sep 17 00:00:00 2001 From: Joost Baaij Date: Fri, 16 Nov 2012 09:11:43 +0100 Subject: Introduce `ActionView::Template::Handlers::ERB.escape_whitelist`. This is a list of mime types where template text is not html escaped by default. It prevents `Jack & Joe` from rendering as `Jack & Joe` for the whitelisted mime types. The default whitelist contains text/plain. This follows a whitelist approach where plain text templates are not escaped, and all the others (json, xml) are. The mime type is assumed to be set by the abstract controller. --- actionpack/CHANGELOG.md | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'actionpack/CHANGELOG.md') diff --git a/actionpack/CHANGELOG.md b/actionpack/CHANGELOG.md index e04eac739d..78ef809196 100644 --- a/actionpack/CHANGELOG.md +++ b/actionpack/CHANGELOG.md @@ -43,6 +43,13 @@ *Josh Peek* +* Introduce `ActionView::Template::Handlers::ERB.escape_whitelist`. This is a list + of mime types where template text is not html escaped by default. It prevents `Jack & Joe` + from rendering as `Jack & Joe` for the whitelisted mime types. The default whitelist + contains text/plain. Fix #7976 + + *Joost Baaij* + * `assert_template` can be used to assert on the same template with different locals Fix #3675 -- cgit v1.2.3
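Review bot: In the added CHANGELOG entry, the example "It prevents `Jack & Joe` from rendering as `Jack & Joe`" shows the same string before and after, so it does not demonstrate what the change does. Write the escaped form out literally (for example `Jack &amp; Joe`) so it survives rendering. The entry also drops the assumption the commit message states, that the mime type is set by the abstract controller. Because whitelisted types skip HTML escaping, the entry should say that the exemption is keyed on the template's mime type, and that adding a type a browser may render as HTML to `escape_whitelist` turns off default escaping for those templates.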