Merge branch 'master' of git@github.com:rails/rails

2008-05-11 23:59:27 +01:00 · 2008-05-11 23:59:27 +01:00 · c11bd7e713
commit c11bd7e713
parent 80e18e759e 9a137506a1
1 changed files with 5 additions and 0 deletions
--- a/actionpack/lib/action_view/helpers/sanitize_helper.rb
+++ b/actionpack/lib/action_view/helpers/sanitize_helper.rb
@ -48,6 +48,11 @@ def self.included(base)
      #     config.action_view.sanitized_allowed_attributes = 'id', 'class', 'style'
      #   end
      # 
+      # Please note that sanitizing user-provided text does not guarantee that the
+      # resulting markup is valid (conforming to a document type) or even well-formed.
+      # The output may still contain e.g. unescaped '<', '>', '&' characters and
+      # confuse browsers.
+      #
      def sanitize(html, options = {})
        self.class.white_list_sanitizer.sanitize(html, options)
      end