The following code in my application_helper.rb class either eats the
flash message or escapes it and does not display properly:

  # Outputs the corresponding flash message if any are set
  def flash_messages
    messages = []
    %w(notice warning error).each do |msg|
      messages << content_tag(:div,
        content_tag(:p, html_escape(flash[msg.to_sym])),
        :class => "message #{msg}") unless flash[msg.to_sym].blank?
    end
    messages
  end

I am not sure how to make it html_safe so that Rails 3 renders it
properly. No problems with Rails 2.3.8, but I had to mark the entire
method "safe_method" using rails_xss plugin.
Is there a rule to doing this kind of view sanitization?
Thanks.
Bharat
--
Posted via http://www.ruby-forum.com/.
--
You received this message because you are subscribed to the Google Groups
"Ruby on Rails: Talk" group.
To post to this group, send email to
rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to
rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at
http://groups.google.com/group/rubyonrails-talk?hl=en.

On Mon, Aug 16, 2010 at 9:21 PM, Bharat Ruparel <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> I am not sure how to make it html_safe so that Rails 3
> renders it properly.

Rails 3 is html safe by default. You only need to use 'raw' if you want it unsafe.

--
Greg Donald
destiney.com | gregdonald.com

Sorry,
Did not ask my question properly. You are right, Rails 3 is safe by
default.

What I meant to ask is how do I fix the method shown above so that the
rendered HTML is not escaped and therefore displays properly?
Thanks.
Bharat

  def flash_messages
    %w(notice warning error).each do |msg|
      concat content_tag(:div, content_tag(:p, flash[msg.to_sym]),
        :class => "message #{msg}") unless flash[msg.to_sym].blank?
    end
  end

in the layout: <% flash_messages %>

On 17 aug, 04:56, Bharat Ruparel <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> Sorry,
> Did not ask my question properly. You are right, Rails 3 is safe by
> default.
>
> What I meant to ask is how do I fix the method shown above so that the
> rendered HTML is not escaped and therefore displays properly?
> Thanks.
> Bharat
> --
> Posted via http://www.ruby-forum.com/.
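
Added example (not part of the original thread and not Rails code): a plain-Ruby model of the output-safety rule discussed above, showing why a helper that returns an Array of content_tag fragments is escaped in the view and how joining them into one safe string fixes it without un-escaping the flash text. SafeString, erb_output and model_content_tag are hypothetical stand-ins for Rails 3's SafeBuffer, <%= %> and content_tag; the sample flash is constructed.

```ruby
require 'erb'

# Hypothetical stand-in for Rails 3's SafeBuffer: marks a string as already escaped.
class SafeString < String; end

# Models <%= value %>: output is escaped unless it is marked safe.
def erb_output(value)
  value.is_a?(SafeString) ? value.to_s : ERB::Util.html_escape(value.to_s)
end

# Models content_tag: escapes unsafe content and returns a safe fragment.
def model_content_tag(name, content, css = nil)
  body = content.is_a?(SafeString) ? content : ERB::Util.html_escape(content)
  attr = css ? %( class="#{ERB::Util.html_escape(css)}") : ''
  SafeString.new("<#{name}#{attr}>#{body}</#{name}>")
end

# Shape of the helper in the first post: returns an Array of safe fragments.
# The Array itself is not marked safe, so the view escapes it as a whole.
def flash_messages_array(flash)
  %w(notice warning error).map do |msg|
    text = flash[msg.to_sym]
    next if text.to_s.empty?
    model_content_tag(:div, model_content_tag(:p, text), "message #{msg}")
  end.compact
end

# Fix: join the fragments and mark only the joined result safe. The flash text
# was escaped inside model_content_tag, so markup in a message stays inert.
# (In Rails the equivalent is messages.join.html_safe.)
def flash_messages_fixed(flash)
  SafeString.new(flash_messages_array(flash).join)
end

# Constructed sample flash containing markup.
SAMPLE_FLASH = { notice: 'Profile for <b>bob</b> saved', error: '' }

if __FILE__ == $0
  puts erb_output(flash_messages_array(SAMPLE_FLASH)) # tags show up as text
  puts erb_output(flash_messages_fixed(SAMPLE_FLASH)) # tags render, message escaped
end
```

Only the wrapper markup produced by the helper is marked safe; the flash text itself is never passed through raw or html_safe.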