How Rails 2.3 marks your string safe
Here is a little thing I find good to know! Maybe you are curious too and want to know how Rails 2.3 knows whether your strings are HTML safe or not.
In order to prevent XSS injection, Rails 2.3 implements a way to determine whether a string is safe: it is just a little extension of the core String class provided by Active Support (output_safety.rb).
This extension adds a @_rails_html_safe instance variable to most of the strings created by Rails helpers in your application!! (I personally find this approach kind of brutal.)
This variable is a boolean, and if it is true, your string is HTML safe. So on each concatenation, the resulting string is marked as HTML safe or not.
If you want to mark a string as safe yourself, use the method html_safe!
And if you want to know whether a string is safe, use html_safe?
=> true
ruby-1.8.7-p249 > "<script>Not safe</script>".html_safe?
=> nil
ruby-1.8.7-p249 > "<script>Not safe</script>".html_safe!.html_safe?
=> true
ruby-1.8.7-p249 > Marshal::dump(helper.tag('br'))
=> "\004\bI\"\v<br />\006:\026@_rails_html_safeT"
# Here you can see the @_rails_html_safe variable with the string.
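To see the flag in action outside of Rails, here is a small re-creation of the mechanism described above, written as an added example for this post; it is not Rails' own output_safety.rb. It mirrors the Rails 2.3 names html_safe! and html_safe?, and uses an escape_html helper as a stand-in for the h helper (the helper name and render_comment are my own).

```ruby
require 'cgi'

class String
  # Mark this string as trusted HTML and return self (mirrors Rails 2.3 html_safe!).
  def html_safe!
    @_rails_html_safe = true
    self
  end

  # true when flagged, nil for an ordinary string (the ivar is simply absent),
  # exactly what the irb session above shows.
  def html_safe?
    @_rails_html_safe
  end

  alias_method :append_without_safety, :<<  # keep the original implementation
  # In-place append: the receiver stays safe only if the appended piece is safe.
  def <<(other)
    safe_piece = other.respond_to?(:html_safe?) && other.html_safe?
    @_rails_html_safe = nil unless safe_piece
    append_without_safety(other)
  end

  alias_method :plus_without_safety, :+
  # Non-destructive concat: the result is safe only when both operands are safe.
  def +(other)
    result = plus_without_safety(other)
    result.html_safe! if html_safe? && other.html_safe?
    result
  end
end

# Stand-in for the h helper (hypothetical name): a safe string passes through
# untouched, anything else is escaped and the escaped copy is marked safe.
def escape_html(str)
  str.html_safe? ? str : CGI.escapeHTML(str).html_safe!
end

# Trusted markup around untrusted input. Because the escaped piece is marked
# safe, the buffer keeps its flag and is not escaped a second time on output.
def render_comment(user_input)
  html = "<p>".dup.html_safe!
  html << escape_html(user_input)
  html << "</p>".dup.html_safe!
  escape_html(html)
end

puts render_comment("<script>alert(1)</script>")
# => <p>&lt;script&gt;alert(1)&lt;/script&gt;</p>
```

Note the flip side of the concatenation rule: "<p>".html_safe! + user_input yields an unsafe string, so the whole thing, tag included, gets escaped on output; escape the untrusted part before concatenating, as render_comment does.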
Be careful: this code changed completely in Rails 3, and from the little I have seen, it is a lot cleaner.

