This project is archived and is in readonly mode.
Are I18n yml files thought to be html_safe? (AWDwR3, section 13)
Reported by Sam Ruby | October 21st, 2009 @ 04:59 PM
With the next XSS support, I'm finding that I need to do things like the following:
<h1><%=raw I18n.t('main.title') %></h1>
What should be discussed is whether or not the data found in I18N YAML files are thought to be html_safe!, or should be considered as plain text (and therefore escaped).
Related: https://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets...
Comments and changes to this ticket
-
Repository December 25th, 2009 @ 04:33 AM
- State changed from “new” to “committed”
(from [0a365d63f6fc99ce63781a15aefda87c4074108d]) Translated strings in the view are assumed html_safe (Closes #3401) http://github.com/rails/rails/commit/0a365d63f6fc99ce63781a15aefda8...
-
Repository December 25th, 2009 @ 04:33 AM
(from [2675e4ef83b2a0fb38f01140d65fbded3ceac9ab]) Translated strings in the view are assumed html_safe (Closes #3401) http://github.com/rails/rails/commit/2675e4ef83b2a0fb38f01140d65fbd...
Create your profile
Help contribute to this project by taking a few moments to create your personal profile. Create your profile »
<h2 style="font-size: 14px">Tickets have moved to Github</h2>
The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>
People watching this ticket
Michael Koziarski
Sam Ruby
Referenced by
-
3401
Are I18n yml files thought to be html_safe? (AWDwR3, section 13)
(from [0a365d63f6fc99ce63781a15aefda87c4074108d])
Transla...
-
3401
Are I18n yml files thought to be html_safe? (AWDwR3, section 13)
(from [2675e4ef83b2a0fb38f01140d65fbded3ceac9ab])
Transla...
-
3794
Translations with interpolated strings (not html_safe)
In #3401 (and commit
http://github.com/rails/rails/commi...