From d57d8098fc269a26ea0051a9027a33af1a9a4b2b Mon Sep 17 00:00:00 2001
From: Xavier Noria <fxn@hashref.com>
Date: Thu, 17 Nov 2011 23:07:06 +0100
Subject: warn the user values are directly interpolated into _html translation
 strings

---
 actionpack/lib/action_view/helpers/translation_helper.rb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'actionpack/lib/action_view')

diff --git a/actionpack/lib/action_view/helpers/translation_helper.rb b/actionpack/lib/action_view/helpers/translation_helper.rb
index be64dc823e..0e6c3c5724 100644
--- a/actionpack/lib/action_view/helpers/translation_helper.rb
+++ b/actionpack/lib/action_view/helpers/translation_helper.rb
@@ -43,6 +43,8 @@ module ActionView
       # a safe HTML string that won't be escaped by other HTML helper methods. This
       # naming convention helps to identify translations that include HTML tags so that
       # you know what kind of output to expect when you call translate in a template.
+      # Note however that rule extends to interpolated values, so you are responsible
+      # for passing them already escaped in the call, if they need to be.
       def translate(key, options = {})
         options.merge!(:rescue_format => :html) unless options.key?(:rescue_format)
         translation = I18n.translate(scope_key_by_partial(key), options)
-- 
cgit v1.2.3