rails_xss, prefer raw or .html_escape?

Which is 开发者_如何学运维preferable?

<%= raw @item.description %>

or

<%= @item.description.html_safe %>

If you are outside of view then the raw helper is not accessible (you can include it anywhere but by default it is not available in model / controller). So in those cases the html_safe is the only sane option.

And inside view? Well, there is source code of the raw helper:

# actionpack-3.0.0/lib/action_view/helpers/raw_output_helper.rb
def raw(stringish)
  stringish.to_s.html_safe
end

so there is almost no difference as the raw simply calls #html_safe

As Radek notes, raw uses html_safe, but because it first casts to a string, it avoids null exceptions. Therefore, raw is slightly better!