rack-escapee

rack-escapee is a Rack middleware that logs every time you render escaped HTML tags and entities, because showing a literal "&lt;b&gt;" to the user is usually unwanted behavior. It is meant to make it easier to switch from unescaped-by-default to escaped-by-default view rendering, such as adding the rails_xss plugin to a Rails 2.x project or moving from Rails 2 to Rails 3.

Uses

The most automated way to take advantage of this tool is through integration tests. While your integration suite runs, rack-escapee logs as usual, so afterwards you have a log covering everything your integration tests touched (hopefully most of your app).

Configuration

Escapee outputs to STDOUT by default but can optionally be configured to write to a log file. The log file is my preferred option, since everything ends up in one place, especially when you run your integration suite with escapee.

Rails 3

In config/application.rb

config.middleware.use "Rack::Escapee", :logfile => "log/escapee.log"

Rails 2

In config/environment.rb (or in a specific environment file, if you only want logging in that environment)

Rails::Initializer.run do |config|
  config.gem 'rack-escapee', :lib => 'rack/escapee'

  config.middleware.use "Rack::Escapee", :logfile => "log/escapee.log"
end

Sinatra

require 'rack/escapee'

use Rack::Escapee, "log/stuff_to_fix.log"
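As an added illustration of what a middleware like this does (example code written for this page, not the rack-escapee gem's own source), the class below implements the Rack call interface, buffers HTML responses, scans them for escaped tags such as "&lt;b&gt;" and double-escaped entities such as "&amp;lt;", and writes each finding with the request path to a Logger. The class name, the :logfile keyword argument and the exact patterns are assumptions made for the example; the gem's real option names are the ones shown in the configuration above.

```ruby
require 'stringio'
require 'logger'

# Example middleware in the spirit of rack-escapee (not the gem's code).
# It watches HTML responses for escaped tags and double-escaped entities,
# which usually mean a view escaped output twice after switching to
# escape-by-default rendering, and logs where they were rendered.
class EscapeeLikeMiddleware
  # An escaped tag such as "&lt;a href=...&gt;" rendered literally into the page.
  ESCAPED_TAG    = /&lt;\/?[A-Za-z][^<>]{0,80}?&gt;/
  # An entity whose own ampersand was escaped: "&amp;lt;", "&amp;#39;", ...
  DOUBLE_ESCAPED = /&amp;(?:#\d+|#x[0-9A-Fa-f]+|[A-Za-z]+);/

  # logfile: an IO or a path; :logfile is assumed here, mirroring the option
  # name used in the configuration examples, and defaults to STDOUT.
  def initialize(app, logfile: $stdout)
    @app = app
    @log = Logger.new(logfile)
  end

  def call(env)
    status, headers, body = @app.call(env)
    return [status, headers, body] unless html?(headers)

    # Buffer the body so it can be inspected and still handed on unchanged.
    chunks = []
    body.each { |chunk| chunks << chunk.to_s }
    body.close if body.respond_to?(:close)

    self.class.findings(chunks.join).each do |kind, snippet|
      @log.warn("escapee: #{kind} in #{env['REQUEST_METHOD']} #{env['PATH_INFO']}: #{snippet}")
    end
    [status, headers, chunks]
  end

  # Returns [[kind, snippet], ...] for each suspicious match in an HTML string.
  def self.findings(html)
    html.scan(ESCAPED_TAG).map { |m| [:escaped_tag, m] } +
      html.scan(DOUBLE_ESCAPED).map { |m| [:double_escaped_entity, m] }
  end

  private

  # Only HTML responses are inspected; JSON, images, etc. pass straight through.
  def html?(headers)
    ctype = headers.find { |k, _| k.to_s.casecmp('content-type').zero? }
    ctype && ctype[1].to_s.include?('text/html')
  end
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample app whose template escaped a fragment twice.
  app = lambda do |_env|
    body = "<p>Hello &lt;b&gt;world&lt;/b&gt; &amp; goodbye &amp;amp; again</p>"
    [200, { 'Content-Type' => 'text/html' }, [body]]
  end
  EscapeeLikeMiddleware.new(app, logfile: $stdout)
                       .call('REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/hello')
end
```

A plain "&amp;" or "&lt; 3" is left alone, since those are correctly escaped characters rather than tags or entities that were escaped a second time; only "&lt;" followed by a tag name, or "&amp;" followed by another entity, is reported.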

Contributing to rack-escapee

  • Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
  • Check the issue tracker to make sure someone hasn't already requested it and/or contributed it
  • Fork the project
  • Start a feature/bugfix branch
  • Commit and push until you are happy with your contribution
  • Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
  • Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or it is otherwise necessary, that is fine, but please isolate it in its own commit so I can cherry-pick around it.

Copyright (c) 2010 Bobby Wilson. See LICENSE.txt for further details.