diff options
author | lest <just.lest@gmail.com> | 2011-11-17 18:29:55 +0300 |
---|---|---|
committer | Jon Leighton <j@jonathanleighton.com> | 2011-11-17 23:07:39 +0000 |
commit | e8d57f361a9982382f75449ec0d65d6c798b9ce2 (patch) | |
tree | 1d170b34597a5abdc55c650a3306935081f6b524 /actionpack/lib/action_view/helpers | |
parent | 1079724fe643fe63e6d58a37274c2cf0ff172a8b (diff) | |
download | rails-e8d57f361a9982382f75449ec0d65d6c798b9ce2.tar.gz rails-e8d57f361a9982382f75449ec0d65d6c798b9ce2.tar.bz2 rails-e8d57f361a9982382f75449ec0d65d6c798b9ce2.zip |
_html translation should escape interpolated arguments
Diffstat (limited to 'actionpack/lib/action_view/helpers')
-rw-r--r-- | actionpack/lib/action_view/helpers/translation_helper.rb | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/actionpack/lib/action_view/helpers/translation_helper.rb b/actionpack/lib/action_view/helpers/translation_helper.rb index be64dc823e..42726f888c 100644 --- a/actionpack/lib/action_view/helpers/translation_helper.rb +++ b/actionpack/lib/action_view/helpers/translation_helper.rb @@ -45,11 +45,16 @@ module ActionView # you know what kind of output to expect when you call translate in a template. def translate(key, options = {}) options.merge!(:rescue_format => :html) unless options.key?(:rescue_format) - translation = I18n.translate(scope_key_by_partial(key), options) - if html_safe_translation_key?(key) && translation.respond_to?(:html_safe) - translation.html_safe + if html_safe_translation_key?(key) + html_safe_options = options.dup + options.except(*I18n::RESERVED_KEYS).each do |name, value| + html_safe_options[name] = ERB::Util.html_escape(value.to_s) + end + translation = I18n.translate(scope_key_by_partial(key), html_safe_options) + + translation.respond_to?(:html_safe) ? translation.html_safe : translation else - translation + I18n.translate(scope_key_by_partial(key), options) end end alias :t :translate |