I realize it's been pulled into a separate gem, but what's the reason? Is this just a matter of streamlining Rails, or is there some reason I should be weary of auto_link?
(The gem says it's meant to 'bridge the gap for people migrating', which suggests to me that if I'm introducing rails_autolink into a new project, I must be doing something wrong, no?)
thanks,
From the commit where auto_link was removed, Aaron Patterson (tenderlove) explains in the comments:
Unfortunately this method is extremely difficult to secure correctly. Ensuring this method is bullet-proof takes a faster release cycle than we have for rails. That's why we moved it to a gem. Please use the gem if you need the functionality! :-)
https://github.com/rails/rails/commit/81cfbf4146d3c5a58054b64112b8ce196f2fc061
Each security fix only requires updating one gem, instead of the 6 for rails.
© 2022 - 2024 — McMap. All rights reserved.
auto_linkfor most applications. While some uses ofauto_linkmay be spot on, most uses of it in most applications are not, and should be done another way. – Aesculapianauto_link. The overall point is that only some applications should be using it, not most. Rails should only have the things that most applications do use, should use, or could use, but sinceauto_linkis not one of those things, it got removed from Rails. – Aesculapian