[Rails] XSS and partials in Rails 2.3.7
Hey all,
Just wondering if there is any reason that the new XSS safety code in
2.3.7 is escaping my partials. That don't seem right!
I've overcome it temporarily by throwing in a "raw" like this:
<%= render raw :partial => 'mypartial' %>
It's also escaping any inline <SCRIPT> tags in the templates. (This
may be by design, I dunno.)
In advance of some responses that might come from this question, I've
already read the update I've copied below and don't think it applies
here since I installed the rails_xss plugin.
TIA,
Dee
"Update: fixing compatibility with the rails_xss plugin broke HTML-
safety for apps that don't use rails_xss. We're sorry, all: HTML-
safety is meant to be opt-in! The fix is available now in 2.3.8.pre1
and will be released shortly."