Hi, is there any danger if the Rails html_escape function would stop escaping '&'? I tested a few cases and it doesn't seem to create any problems. Can you give me a contrary example? Thanks.
+1
A:
If you put an unescaped "&" into an HTML attribute, it would make your page invalid. For example:
<a href="http://yoursite.com/?Product=1949&View=1">Link</a>
The page is now invalid as the & indicates an entity. This is true for any usage of an & on a page (for example, view source and hopefully you'll notice that Stack Overflow escapes the & signs in this post!).
The following would make the above example valid:
<a href="http://yoursite.com/?Product=1949&amp;View=1">Link</a>
Sohnee
2010-03-08 10:43:01
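A counterexample of the kind the question asks for, as an added example that is not part of the original question or answer: text that already contains entity-like sequences no longer round-trips once '&' is left unescaped. `escape_without_amp` is a hypothetical escaper written for this illustration, `CGI.unescapeHTML` stands in for the browser's entity decoding, and the sample strings are constructed.

```ruby
require "cgi"

# Hypothetical escaper for this example: escapes < > " ' but leaves '&' alone.
NO_AMP_TABLE = { "<" => "&lt;", ">" => "&gt;", '"' => "&quot;", "'" => "&#39;" }.freeze

def escape_without_amp(text)
  text.gsub(/[<>"']/, NO_AMP_TABLE)
end

# Full escaping, '&' included (Ruby standard library).
def escape_full(text)
  CGI.escapeHTML(text)
end

# Stand-in for the browser: entities in the markup are decoded once.
def browser_view(markup)
  CGI.unescapeHTML(markup)
end

# True when the reader sees exactly the text that was stored.
def round_trips?(text, escaper)
  browser_view(send(escaper, text)) == text
end

# Constructed sample inputs. The first is the kind of case that "seems fine".
SAMPLES = [
  "Tom & Jerry",
  "Write &lt;b&gt; for bold",
  "it&#39;s",
  "a &amp; b"
].freeze

# One row per sample: [text, ok with full escaping, ok without '&' escaping]
def report
  SAMPLES.map do |text|
    [text, round_trips?(text, :escape_full), round_trips?(text, :escape_without_amp)]
  end
end

if __FILE__ == $PROGRAM_NAME
  report.each do |text, full_ok, no_amp_ok|
    puts format("%-28s full=%-5s without_amp=%s", text.inspect, full_ok, no_amp_ok)
  end
end
```

Only the first sample survives without '&' escaping; in the others the page shows different characters than the ones that were submitted, because the submitter's own entities are decoded as markup.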