Haml contains a method to ensure that generated html is not escaped. Specifically, you can use `!=` instead of `=` if you want to avoid escaping.
https://haml.info/docs/yardoc/file.REFERENCE.html#unescaping_html
```haml
= "I feel <strong>!"
!= "I feel <strong>!"
```

However, like using `raw` and `h()` and `.html_safe` and friends, it's very easy to accidentally create security holes in your application:

```haml
!= "Username: <strong>#{user.name}</strong>"
```
In most cases `!=` is undesirable, and can be avoided by using safer methods (e.g. in Rails, by using SafeBuffers when building in views or helpers).

I'd therefore like to see a linter that can flag up uses of `!=`, in case they slip through code review.
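As an added illustration (not code from this issue or from the haml-lint project), the script below does two things: it shows why `!=` is tempting and what it costs, by rendering the `Username:` fragment three ways (`=` escapes everything, `!=` escapes nothing, and the safer route escapes only the untrusted interpolated value), and it sketches the requested check as a regex-based scan that flags `!=` whether it stands alone or follows a tag with attributes. The template text, the `find_unescaped_output` and `render_username` names, and the regex are all constructed for this example; the scan is line-based and does not understand `:ruby` filter blocks or multi-line attribute hashes.

```ruby
require "cgi"

# Constructed sample template for the demonstration (not from the issue).
# Lines 3, 4 and 5 emit unescaped output; line 6 contains "!=" only as a
# Ruby comparison inside a "-" control line and must not be flagged.
SAMPLE_HAML = <<~'HAML'
  %h1 Profile
  %p= "Username: #{user.name}"
  %p!= "Username: <strong>#{user.name}</strong>"
  != "I feel <strong>!"
  %strong{title: "raw"}!= user.bio
  - if a != b
    %span no output here
HAML

# Matches a line whose script marker is "!=" rather than "=":
#   != expr
#   %tag!= expr
#   %tag{attrs}!= expr / %tag(attrs)!= expr / %tag[obj]!= expr
# The optional tag group never consumes "=", "!" or an opening
# attribute bracket, so "%p= a != b" and "- if a != b" are not matched.
UNESCAPED_OUTPUT = /\A\s*(?:[%#.][^\s=!{(\[]*(?:\{[^}]*\}|\([^)]*\)|\[[^\]]*\])*)?!=/

# Returns [[line_number, line_text], ...] for every line that uses "!=".
def find_unescaped_output(source)
  source.each_line.with_index(1).filter_map do |line, number|
    [number, line.rstrip] if line.match?(UNESCAPED_OUTPUT)
  end
end

# Simulates what the three rendering choices produce for a user-controlled
# name. :escaped is what "= ..." does, :raw is what "!= ..." does, and :safe
# is the SafeBuffer-style approach: escape only the untrusted value and keep
# the template's own markup intact.
def render_username(name, mode)
  case mode
  when :escaped then CGI.escapeHTML("Username: <strong>#{name}</strong>")
  when :raw     then "Username: <strong>#{name}</strong>"
  when :safe    then "Username: <strong>#{CGI.escapeHTML(name)}</strong>"
  else raise ArgumentError, "unknown mode #{mode.inspect}"
  end
end

if __FILE__ == $PROGRAM_NAME
  find_unescaped_output(SAMPLE_HAML).each do |number, line|
    puts "line #{number}: unescaped output via != -> #{line}"
  end
  untrusted = "<b>bob</b>" # constructed user-supplied value
  %i[escaped raw safe].each do |mode|
    puts "#{mode}: #{render_username(untrusted, mode)}"
  end
end
```

The `:safe` variant is the behaviour a SafeBuffer-based helper gives you for free: the markup the developer wrote survives, while anything interpolated from data arrives escaped, so there is no reason to reach for `!=` in the first place.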