Active Support Core Extensions guide: reworded "on one hand" and similar to "for one thing"

2022-11-09 12:12:34 -05:00 · 2012-04-26 18:24:38 -03:00 · 2012-04-26 18:24:38 -03:00 · 504e539166
commit 504e539166
parent 8bf97d1a84
1 changed files with 1 additions and 1 deletions
--- a/guides/source/active_support_core_extensions.textile
+++ b/guides/source/active_support_core_extensions.textile
@ -1131,7 +1131,7 @@ h4. Output Safety

 h5. Motivation

-Inserting data into HTML templates needs extra care. For example you can't just interpolate +@review.title+ verbatim into an HTML page. On one hand if the review title is "Flanagan & Matz rules!" the output won't be well-formed because an ampersand has to be escaped as "&amp;amp;". On the other hand, depending on the application that may be a big security hole because users can inject malicious HTML setting a hand-crafted review title. Check out the "section about cross-site scripting in the Security guide":security.html#cross-site-scripting-xss for further information about the risks.
+Inserting data into HTML templates needs extra care. For example, you can't just interpolate +@review.title+ verbatim into an HTML page. For one thing, if the review title is "Flanagan & Matz rules!" the output won't be well-formed because an ampersand has to be escaped as "&amp;amp;". What's more, depending on the application, that may be a big security hole because users can inject malicious HTML setting a hand-crafted review title. Check out the "section about cross-site scripting in the Security guide":security.html#cross-site-scripting-xss for further information about the risks.

 h5. Safe Strings