This project is archived and is in readonly mode.

#3401 ✓committed
Sam Ruby

Are I18n yml files thought to be html_safe? (AWDwR3, section 13)

Reported by Sam Ruby | October 21st, 2009 @ 04:59 PM

With the next XSS support, I'm finding that I need to do things like the following:

<h1><%=raw I18n.t('main.title') %></h1>

What should be discussed is whether or not the data found in I18N YAML files are thought to be html_safe!, or should be considered as plain text (and therefore escaped).

Related: https://rails.lighthouseapp.com/projects/8994-ruby-on-rails/tickets...

Comments and changes to this ticket

Create your profile

Help contribute to this project by taking a few moments to create your personal profile. Create your profile »

<h2 style="font-size: 14px">Tickets have moved to Github</h2>

The new ticket tracker is available at <a href="https://github.com/rails/rails/issues">https://github.com/rails/rails/issues</a>

People watching this ticket

Tags

Referenced by

Pages