I am trying to convert my Rails 2.3.5 app to 2.3.8 and then to Rails 3.0
Currently, I am upgrading to Rails 2.3.8. The default escaping behavior
is causing all kinds of problems.
I have installed the rails_xss plugin from the following url:
http://github.com/rails/rails_xss
And am trying to follow the directions in readme.
I have a form builder which has the following method:
def field_label(field_name, *args)
options = args.extract_options!
options.reverse_merge!(:required => field_required?(field_name))
options[:label_class] = "required" if options[:required]
t_label = options.delete(:label)
t_label = (t_label.nil? ? field_name.to_s.humanize.titleize :
t_label)
if object.errors.invalid? field_name
temp_label = t_label + ": " +
@template.content_tag(:span,
([object.errors.on(field_name)].flatten.first.sub(/^\^/, '''')),
:class =>
''error_message'')
else
temp_label = t_label
end
label(field_name, temp_label.html_safe, :class =>
options[:label_class])
end
I cannot seem to get the method above not escape the error text when I
intentionally try to submit a required field with an empty value. I get
an output as shown below:
Client Name: can''t be blank
<span class=''field_error''><input
id="client_client_name"
name="client[client_name]" size="30" type="text"
value="" /></span>
See if the string in the <span> element is not being interpreted? How
can this be done? Is there a method to this madness?
Thanks for your time.
Bharat
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.