From 0c7ac34aed1845044cd1911e5a775366d7ca41c1 Mon Sep 17 00:00:00 2001
From: Michael Koziarski <michael@koziarski.com>
Date: Fri, 1 Nov 2013 11:50:05 +1300
Subject: Stop using i18n's built in HTML error handling.

i18n doesn't depend on active support which means it can't use our html_safe
code to do its escaping when generating the spans.  Rather than try to sanitize
the output from i18n, just revert to our old behaviour of rescuing the error
and constructing the tag ourselves.

Fixes: CVE-2013-4491
---
 actionview/test/template/translation_helper_test.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionview/test/template/translation_helper_test.rb')

diff --git a/actionview/test/template/translation_helper_test.rb b/actionview/test/template/translation_helper_test.rb
index d496dbb35e..0dfe47f5f4 100644
--- a/actionview/test/template/translation_helper_test.rb
+++ b/actionview/test/template/translation_helper_test.rb
@@ -31,7 +31,7 @@ class TranslationHelperTest < ActiveSupport::TestCase
   end
 
   def test_delegates_to_i18n_setting_the_rescue_format_option_to_html
-    I18n.expects(:translate).with(:foo, :locale => 'en', :rescue_format => :html).returns("")
+    I18n.expects(:translate).with(:foo, :locale => 'en', :raise=>true).returns("")
     translate :foo, :locale => 'en'
   end
 
-- 
cgit v1.2.3