Looking for a override of SafeBuffer
I was reading Katz's Safe Buffer article while trying to upgrade our side to Rails 3. We have a lot of helpers that build up fairly complex html/css bits from data we know is safe (we're doing things like large menus).
Unfortunately - if I'm reading Katz's article right - it seems like you need to mark everything html_safe or you get escaped.
I'm wondering if anyone has come up with a simple hack to turn this functional开发者_运维问答ity off on a module/method/block level yet? I was looking at the code in Rails that does this and it doesn't look all the trivial to override.
I believe you have a couple "easy" solutions:
- Modify the helpers by hand so that they return
html_safe
'd strings - Iterate over the methods (module?) and use
alias
to alias them to, say,_unsafe_helper_name
, and then havehelper_name
return_unsafe_helper_name.html_safe
- Use the
raw
method in your views. Callingraw
on output turns off Rails 3's built in protection and outputs the string just as it is with no escaping.
精彩评论