author | Xavier Noria <fxn@hashref.com> | 2011-11-17 23:07:06 +0100 |
---|---|---|
committer | Xavier Noria <fxn@hashref.com> | 2011-11-17 23:07:06 +0100 |
commit | d57d8098fc269a26ea0051a9027a33af1a9a4b2b (patch) | |
tree | 1e46a9fc570603e5f737940dabb3a88ff94b9555 /railties/guides | |
parent | 9b534060bfafbf1db36e73bb3e538b8c412dcc54 (diff) | |
warn the user values are directly interpolated into _html translation strings
Diffstat (limited to 'railties/guides')
-rw-r--r-- | railties/guides/source/i18n.textile | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/railties/guides/source/i18n.textile b/railties/guides/source/i18n.textile index 2d4cc13571..43afa6c9e2 100644 --- a/railties/guides/source/i18n.textile +++ b/railties/guides/source/i18n.textile @@ -634,6 +634,18 @@ en: !images/i18n/demo_html_safe.png(i18n demo html safe)! +Please note that values are interpolated directly into the translation. +If they need to be escaped you need to pass them already escaped in the +t+ call. + +<erb> +# config/locales/en.yml +en: + welcome_html: <b>Welcome %{name}!</b> + +<%# Note the call to h() to avoid injection %> +<%= t('welcome_html', :name => h(user.name)) %> +</erb> + h3. How to Store your Custom Translations The Simple backend shipped with Active Support allows you to store translations in both plain Ruby and YAML format. [2] |
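Review bot: In the added `<erb>` block, the locale file snippet (`# config/locales/en.yml`, `en:`, `welcome_html: <b>Welcome %{name}!</b>`) sits in the same fence as the view call, so YAML is presented as ERB and the `#` comment line reads as template output. Put the locale entry in its own block and keep only the `<%= t('welcome_html', :name => h(user.name)) %>` line and its comment under `<erb>`. The sentence "If they need to be escaped" also leaves the reader to decide when that applies. Since the example interpolates `user.name` into a key ending in `_html`, it would be clearer to say that any interpolated value not already known to be safe markup must be passed through `h()`, and to name the risk in the ERB comment as HTML injection rather than just "injection".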