From 521266f913083c3029567ffe647e08e39af7f18a Mon Sep 17 00:00:00 2001 From: Neil Matatall Date: Wed, 27 Sep 2017 07:14:37 -1000 Subject: Encourage html-safe API in layouts/rendering guide While the code example was not unsafe, it encourages the use of confusingly unsafe APIs (specifically `html_safe`). We have a safe alternative and we should encourage people to use it under all circumstances. --- guides/source/layouts_and_rendering.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'guides/source') diff --git a/guides/source/layouts_and_rendering.md b/guides/source/layouts_and_rendering.md index fe2477f2ae..b9b327252f 100644 --- a/guides/source/layouts_and_rendering.md +++ b/guides/source/layouts_and_rendering.md @@ -232,14 +232,14 @@ You can send an HTML string back to the browser by using the `:html` option to `render`: ```ruby -render html: "Not Found".html_safe +render html: helpers.tag.strong('Not Found') ``` TIP: This is useful when you're rendering a small snippet of HTML code. However, you might want to consider moving it to a template file if the markup is complex. -NOTE: When using `html:` option, HTML entities will be escaped if the string is not marked as HTML safe by using `html_safe` method. +NOTE: When using `html:` option, HTML entities will be escaped if the string is not composed with `html_safe`-aware APIs. #### Rendering JSON -- cgit v1.2.3
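Review bot: The rewritten NOTE at the end of the hunk refers to "`html_safe`-aware APIs" without naming one, so a reader who has not seen the old wording cannot tell which calls qualify or what to avoid. Suggest naming the helper the new example uses, for instance "HTML entities will be escaped unless the string is built with an `html_safe`-aware API such as `helpers.tag`", and adding "the" before "`html:` option" while the line is being touched. On the example line, `helpers.tag.strong('Not Found')` uses single quotes where the removed line used double quotes; keep whichever style the rest of this guide uses. Since the commit message gives the reason for the change (steering readers away from calling `html_safe` themselves), a half sentence in the guide text saying that the tag helper escapes its content would carry that reason to the reader, who sees only the new example.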