Rails 3 XSS Escaping Breaks Plugins

Is there a relatively easy solution to Rails 3 auto escaping to not break view-oriented plugins? I'm using table_builder which has an api along the lines of:

<%= calendar_for(args) do |table| %>
   ...
<% end %>

Unfortunately, rails goes through and escapes all the html generated from that plugin. Is there an easy way to avoid this behavior that doesn't involve me hacking on the plugin itself? I can't really wrap it in a raw() from what I know because its an erb block.

Answers


take care which fork you put in your gemfile, this one works with rails3 as a gem like demonstrated in the railscast: http://railscasts.com/episodes/213-calendars

https://github.com/jchunky/table_builder

use this in your gemfile

  gem 'table_builder', '0.0.3', :git => 'git://github.com/jchunky/table_builder.git'

Need Your Help

How to display thumbnail in dropdown CSS list along with other styling of text

html css drop-down-menu

I've searched and came across a few examples but have been unable to merge them into my existing code, but I would prefer to keep the current styling and hover options if it is possible.

Yandex smtp settings with ssl

email web-config smtp sendmail

I can send emails via enableSsl="false" and 25 port. But it is not enought in case with own domain.