diff options
author | Bruno Michel <bmichel@menfin.info> | 2010-02-13 19:53:26 -0200 |
---|---|---|
committer | Yehuda Katz <yehudakatz@YK.local> | 2010-02-14 12:03:28 -0800 |
commit | f86421fb282ff2d209914db736ca64380dab044d (patch) | |
tree | d539bc4dac34268b5ed973bcfc9f80744d059c88 /actionpack/lib/action_view/helpers/active_model_helper.rb | |
parent | 411c15ed5220cb07cfb1989d32be956f94a7478f (diff) | |
download | rails-f86421fb282ff2d209914db736ca64380dab044d.tar.gz rails-f86421fb282ff2d209914db736ca64380dab044d.tar.bz2 rails-f86421fb282ff2d209914db736ca64380dab044d.zip |
content_tag should escape its input
Signed-off-by: Yehuda Katz <yehudakatz@YK.local>
Diffstat (limited to 'actionpack/lib/action_view/helpers/active_model_helper.rb')
-rw-r--r-- | actionpack/lib/action_view/helpers/active_model_helper.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/actionpack/lib/action_view/helpers/active_model_helper.rb b/actionpack/lib/action_view/helpers/active_model_helper.rb index e106bb0897..c87e216c32 100644 --- a/actionpack/lib/action_view/helpers/active_model_helper.rb +++ b/actionpack/lib/action_view/helpers/active_model_helper.rb @@ -127,7 +127,7 @@ module ActionView if (obj = (object.respond_to?(:errors) ? object : instance_variable_get("@#{object}"))) && (errors = obj.errors[method]) content_tag("div", - "#{options[:prepend_text]}#{ERB::Util.html_escape(errors.first)}#{options[:append_text]}", + "#{options[:prepend_text]}#{ERB::Util.html_escape(errors.first)}#{options[:append_text]}".html_safe, :class => options[:css_class] ) else @@ -228,14 +228,14 @@ module ActionView object.errors.full_messages.map do |msg| content_tag(:li, ERB::Util.html_escape(msg)) end - end.join + end.join.html_safe contents = '' contents << content_tag(options[:header_tag] || :h2, header_message) unless header_message.blank? contents << content_tag(:p, message) unless message.blank? contents << content_tag(:ul, error_messages) - content_tag(:div, contents, html) + content_tag(:div, contents.html_safe, html) end else '' |