a5e08f7bcc
I installed the rails_xss plugin, for the main purpose of seeing what will break with Rails 3.0 (where the behaviour of the plugin is the default). I think I've fixed everything, but let me know if you see stuff that is HTML-escaped, which shouldn't be. As a side benefit, we now use Erubis, rather than ERB, to render templates. They tell me it's faster ...
29 lines
416 B
Plaintext
<html>
 <body>
  <%
  (let ((user "Erubis")
        (items '("<aaa>" "b&b" "\"ccc\""))
        (i 0))
  %>
  <p>Hello <%= user %>!</p>
  <table>
  <%
   (for-each
    (lambda (item)
     (set! i (+ i 1))
  %>
    <tr bgcolor="<%= (if (= (modulo i 2) 0) "#FFCCCC" "#CCCCFF") %>">
     <td><%= i %></td>
     <td><%= item %></td>
    </tr>
  <%
    ) ; lambda end
    items) ; for-each end
  %>
  </table>
  <%
  ) ; let end
  %>
 </body>
</html>
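The commit message above is about what breaks once output is escaped by default. As an added example, not part of this commit or of the Erubis template, here is a minimal Ruby model of the rails_xss output-buffer rule, fed the same three items the template prints; the SafeBuffer class, h, and the link helpers are all constructed here and are not Rails code.

```ruby
require 'cgi'

# Minimal stand-in for ActiveSupport::SafeBuffer (constructed here, not Rails code):
# appending an untrusted String escapes it, appending trusted HTML does not.
class SafeBuffer < String
  def html_safe?; true; end

  # Untrusted Strings are escaped on the way in; trusted HTML passes through.
  def concat(other)
    super(other.html_safe? ? other : CGI.escapeHTML(other.to_s))
  end
  alias_method :<<, :concat
end

class String
  def html_safe?; false; end
  # The caller vouches that this string is already safe HTML.
  def html_safe; SafeBuffer.new(self); end
end

# Escape helper; marking the result safe is what stops it being escaped twice.
def h(s); CGI.escapeHTML(s.to_s).html_safe; end

# Equivalent of the <td><%= item %></td> loop in the template under auto-escaping:
# every <%= %> value is appended to a SafeBuffer, so untrusted items get escaped.
def render_rows(items)
  out = SafeBuffer.new
  items.each_with_index do |item, i|
    out << "<tr><td>".html_safe << (i + 1).to_s << "</td><td>".html_safe
    out << item << "</td></tr>".html_safe
  end
  out
end

# The "escaped when it shouldn't be" symptom: a helper that builds markup but
# returns a plain String is treated as untrusted and escaped again on output.
def bad_link(text)
  "<a href=\"/x\">#{h(text)}</a>"            # forgot .html_safe
end

def good_link(text)
  "<a href=\"/x\">#{h(text)}</a>".html_safe  # safe: built only from escaped input
end

# What the view's output buffer does with each helper's return value.
def render_link(link); SafeBuffer.new << link; end

puts render_rows(["<aaa>", "b&b", "\"ccc\""])   # constructed sample items
puts render_link(bad_link("Tom & Jerry"))        # shows the double escape
```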