diff options
Diffstat (limited to 'actionpack/lib/action_view/helpers')
| -rw-r--r-- | actionpack/lib/action_view/helpers/active_model_helper.rb | 2 | ||||
| -rw-r--r-- | actionpack/lib/action_view/helpers/tag_helper.rb | 2 | ||||
| -rw-r--r-- | actionpack/lib/action_view/helpers/url_helper.rb | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/actionpack/lib/action_view/helpers/active_model_helper.rb b/actionpack/lib/action_view/helpers/active_model_helper.rb index 4e12cdab54..e3db2923f7 100644 --- a/actionpack/lib/action_view/helpers/active_model_helper.rb +++ b/actionpack/lib/action_view/helpers/active_model_helper.rb @@ -129,7 +129,7 @@ module ActionView if (obj = (object.respond_to?(:errors) ? object : instance_variable_get("@#{object}"))) && (errors = obj.errors[method]) content_tag("div", - (options[:prepend_text].html_safe << errors.first).safe_concat(options[:append_text]), + "#{options[:prepend_text]}#{ERB::Util.h(errors.first)}#{options[:append_text]}".html_safe, :class => options[:css_class] ) else diff --git a/actionpack/lib/action_view/helpers/tag_helper.rb b/actionpack/lib/action_view/helpers/tag_helper.rb index d9d2588a2a..bbbc1f0981 100644 --- a/actionpack/lib/action_view/helpers/tag_helper.rb +++ b/actionpack/lib/action_view/helpers/tag_helper.rb @@ -109,7 +109,7 @@ module ActionView def content_tag_string(name, content, options, escape = true) tag_options = tag_options(options, escape) if options - ("<#{name}#{tag_options}>".html_safe << content.to_s).safe_concat("</#{name}>") + "<#{name}#{tag_options}>#{ERB::Util.h(content)}</#{name}>".html_safe end def tag_options(options, escape = true) diff --git a/actionpack/lib/action_view/helpers/url_helper.rb b/actionpack/lib/action_view/helpers/url_helper.rb index 148f2868e9..14d59034f1 100644 --- a/actionpack/lib/action_view/helpers/url_helper.rb +++ b/actionpack/lib/action_view/helpers/url_helper.rb @@ -224,7 +224,7 @@ module ActionView end href_attr = "href=\"#{url}\"" unless href - ("<a #{href_attr}#{tag_options}>".html_safe << (name || url)).safe_concat("</a>") + "<a #{href_attr}#{tag_options}>#{ERB::Util.h(name || url)}</a>".html_safe end end |