Remove Phlex version conditionals #187
Conversation
| ) | ||
| end | ||
| end | ||
| pre { raw(safe(FORMATTER.format(lexer.lex(@code)))) } |
There was a problem hiding this comment.
I'm not sure if is recommended to flag code as safe by default. Our users can pass user generated content here and create a security breach. I think we should force the users to use safe when passing content, so they will know what they are doing. I can open a new PR to change this.
There was a problem hiding this comment.
Yeah agreed but in this context is it not safe because we are limiting what is being passed as safe? It's only in the code component to render it.
There was a problem hiding this comment.
Good question. I will make some tests here.
There was a problem hiding this comment.
It’s an interesting debate. It may be cumbersome to require the user to call safe by himself on a code block. A code block component implies that the code will be interpreted. Let's keep that way for now.
There was a problem hiding this comment.
@SethHorsley @cirdes I think Rouge is escaping the code, so I think it is safe since we are using safe on rouge result and not on given code.
| ) | ||
| end | ||
| end | ||
| pre { raw(safe(FORMATTER.format(lexer.lex(@code)))) } |
There was a problem hiding this comment.
It’s an interesting debate. It may be cumbersome to require the user to call safe by himself on a code block. A code block component implies that the code will be interpreted. Let's keep that way for now.
Remove legacy code checking Phlex version.