The following code in my application_helper.rb class either eats the flash message or escapes it and does not display properly:

    # Outputs the corresponding flash message if any are set
    def flash_messages
      messages = []
      %w(notice warning error).each do |msg|
        messages << content_tag(:div, content_tag(:p, html_escape(flash[msg.to_sym])), :class => "message #{msg}") unless flash[msg.to_sym].blank?
      end
      messages
    end

I am not sure how to make it html_safe so that Rails 3 renders it properly. No problems with Rails 2.3.8, but I had to mark the entire method "safe_method" using rails_xss plugin. Is there a rule to doing this kind of view sanitization?

Thanks.
Bharat
--
Posted via http://www.ruby-forum.com/.

--
You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talk-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
To unsubscribe from this group, send email to rubyonrails-talk+unsubscribe-/JYPxA39Uh5TLH3MbocFF+G/Ez6ZCGd0@public.gmane.org
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en.

On Mon, Aug 16, 2010 at 9:21 PM, Bharat Ruparel <lists-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> I am not sure how to make it html_safe so that Rails 3
> renders it properly.

Rails 3 is html safe by default. You only need to use 'raw' if you want it unsafe.

--
Greg Donald
destiney.com | gregdonald.com

Sorry,
Did not ask my question properly. You are right, Rails 3 is safe by default.

What I meant to ask is how do I fix the method shown above so that the rendered HTML is not escaped and therefore displays properly?

Thanks.
Bharat

    def flash_messages
      %w(notice warning error).each do |msg|
        concat content_tag(:div, content_tag(:p, flash[msg.to_sym]), :class => "message #{msg}") unless flash[msg.to_sym].blank?
      end
    end

in the layout:

    <% flash_messages %>

On 17 aug, 04:56, Bharat Ruparel <li...-fsXkhYbjdPsEEoCn2XhGlw@public.gmane.org> wrote:
> Sorry,
> Did not ask my question properly. You are right, Rails 3 is safe by
> default.
>
> What I meant to ask is how do I fix the method shown above so that the
> rendered HTML is not escaped and therefore displays properly?
> Thanks.
> Bharat
> --
> Posted via http://www.ruby-forum.com/.
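
The escaping behaviour discussed in this thread, as an added example that is not code from any of the posters or from Rails. It is a simplified plain-Ruby model of Rails 3 output escaping; `SafeHtml`, `erb_output`, `tag` and the sample `FLASH` hash are hypothetical names and constructed data. It shows why returning an Array of tags gets the markup escaped, and how joining tags that were each built with escaped content keeps the flash text itself escaped.

```ruby
require 'erb'

# Stand-in for the html_safe marker (assumption: not ActiveSupport::SafeBuffer).
class SafeHtml < String; end

# Models <%= value %>: anything not marked safe is escaped on output.
# An Array collapses to a plain String, so the markers on its elements are lost.
def erb_output(value)
  return value.to_s if value.is_a?(SafeHtml)
  ERB::Util.html_escape(value.is_a?(Array) ? value.join : value.to_s)
end

# Models content_tag: escapes unsafe content, returns a value marked safe.
def tag(name, content, css_class = nil)
  body = content.is_a?(SafeHtml) ? content : ERB::Util.html_escape(content.to_s)
  attr = css_class ? %( class="#{ERB::Util.html_escape(css_class)}") : ""
  SafeHtml.new("<#{name}#{attr}>#{body}</#{name}>")
end

# Shape of the helper from the first message: returns an Array of tags.
def flash_messages_array(flash)
  %w(notice warning error).map { |msg|
    text = flash[msg.to_sym]
    tag(:div, tag(:p, text), "message #{msg}") unless text.to_s.empty?
  }.compact
end

# Joined variant: marking the join safe is sound only because every element
# came from tag(), which already escaped the flash text.
def flash_messages_joined(flash)
  SafeHtml.new(flash_messages_array(flash).join)
end

# Constructed sample flash, including markup that must never reach the page raw.
FLASH = { notice: "Saved <b>ok</b>", error: "<script>alert(1)</script>" }

if __FILE__ == $0
  puts erb_output(flash_messages_array(FLASH))   # markup shown as text
  puts erb_output(flash_messages_joined(FLASH))  # markup rendered, text escaped
end
```
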