From 0349516ddbb712680b1b47ef160206946252a2d3 Mon Sep 17 00:00:00 2001 From: Sean Griffin Date: Mon, 24 Nov 2014 14:07:27 -0700 Subject: Document `String#html_safe` [ci skip] It should be part of the documented public API, since we have an entire section of the guides dedicated to it. Documented in a way that addresses the concerns which kept it undocumented in the past. --- activesupport/lib/active_support/core_ext/string/output_safety.rb | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'activesupport') diff --git a/activesupport/lib/active_support/core_ext/string/output_safety.rb b/activesupport/lib/active_support/core_ext/string/output_safety.rb index 042283e4fc..ba92afd5f4 100644 --- a/activesupport/lib/active_support/core_ext/string/output_safety.rb +++ b/activesupport/lib/active_support/core_ext/string/output_safety.rb @@ -247,6 +247,11 @@ module ActiveSupport #:nodoc: end class String + # Marks a string as trusted safe. It will be inserted into HTML with no + # additional escaping performed. It is your responsibilty to ensure that the + # string contains no malicious content. This method is equivalent to the + # `raw` helper in views. It is recommended that you use `sanitize` instead of + # this method. It should never be called on user input. def html_safe ActiveSupport::SafeBuffer.new(self) end -- cgit v1.2.3
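Review bot: The added comment above `def html_safe` opens with "Marks a string as trusted safe", but the body is `ActiveSupport::SafeBuffer.new(self)`, which returns a new object and leaves the receiver as it was. The comment should say that the method returns a copy flagged as HTML safe, and that it does no escaping or inspection of the content itself, so a reader does not assume that calling it cleans the string or changes the original. On the second added line, "responsibilty" should be "responsibility". The last two sentences would read better joined, so that the warning against calling this on user input comes before the `sanitize` recommendation rather than after it.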