Well, it seems I jumped the gun. In Security issue in Liquid::Template, I thought I had a found a problem with the Liquid template engine. Instead, I should have looked more closely at what I do:
1 class PagesController < ApplicationController
2 def show
3 # ...
4 render(:inline => @page.render, :layout => false)
The details can be found at #render on the Ruby on Rails API. Seems like it’s time for us to switch to using
I am sorry for any scare I caused. If I had run a separate test case, I’d have immediately seen I was in error, and not Liquid.
I am François Beausoleil, a Ruby on Rails and Scala developer. During the day, I work on Seevibes, a platform to measure social interactions related to TV shows. At night, I am interested many things. Read my biography.
Books I read and recommend
Projects I work on
Projects I worked on