Making Haml escape by defualt.

steveklabnik · steveklabnik · commit 692f159378fa · 2010-07-12T00:01:28.000-04:00
I love using Haml's :escape_html option to help catch all of those XSS
attacks!
diff --git a/configure.rb b/configure.rb
@@ -1,5 +1,7 @@
 set :views, File.join(File.dirname(__FILE__), 'views')
 
+set :haml, :escape_html => true
+
 def setup_db environ
 	MongoMapper.connection = Mongo::Connection.new('localhost')
 	MongoMapper.database = "hackety-#{environ}"
diff --git a/views/layout.haml b/views/layout.haml
@@ -12,4 +12,4 @@
         %a{:href => "/login" }Log in
     %div{:id => "flash-notice"}= flash[:notice]
     %div{:id => "flash-error"}= flash[:error]
-    = yield
+    != yield
diff --git a/views/posts/show.haml b/views/posts/show.haml
@@ -1,6 +1,6 @@
 %h1= @post.title
 - markdown = RDiscount.new(@post.body, :smart, :filter_html)
-%p= markdown.to_html
+%p!= markdown.to_html
 
 %hr
 
