Forum: Ruby on Rails Rails 3 flash message problems

Bharat Ruparel (bruparel)
on 2010-08-17 04:21
The following code in my application_helper.rb class either eats the
flash message or escapes it and does not display properly:

  # Outputs the corresponding flash message if any are set
  def flash_messages
    messages = []
    %w(notice warning error).each do |msg|
      messages << content_tag(:div,
        content_tag(:p, html_escape(flash[msg.to_sym])),
        :class => "message #{msg}") unless flash[msg.to_sym].blank?
    end
    messages
  end

I am not sure how to make it html_safe so that Rails 3 renders it
properly. No problems with Rails 2.3.8, but I had to mark the entire
method "safe_method" using the rails_xss plugin.

Is there a rule to doing this kind of view sanitization?

Thanks.

Bharat
Greg Donald (destiney)
on 2010-08-17 04:42
(Received via mailing list)
On Mon, Aug 16, 2010 at 9:21 PM, Bharat Ruparel <lists@ruby-forum.com>
wrote:
> I am not sure how to make it html_safe so that Rails 3
> renders it properly.

Rails 3 is html safe by default.  You only need to use 'raw' if you
want it unsafe.

--
Greg Donald
destiney.com | gregdonald.com
Bharat Ruparel (bruparel)
on 2010-08-17 04:56
Sorry,
Did not ask my question properly.  You are right, Rails 3 is safe by
default.

What I meant to ask is how do I fix the method shown above so that the
rendered HTML is not escaped and therefore displays properly?
Thanks.
Bharat
THAiSi (Guest)
on 2010-08-20 16:59
(Received via mailing list)
  def flash_messages
    %w(notice warning error).each do |msg|
      concat content_tag(:div, content_tag(:p, flash[msg.to_sym]),
        :class => "message #{msg}") unless flash[msg.to_sym].blank?
    end
  end

in the layout: <% flash_messages %>
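
Added example, not part of any post in this thread: a plain-Ruby model of why the first helper's Array return value is escaped by a Rails 3 `<%= %>`, and how joining the fragments and marking only the helper-built markup as safe renders correctly while user-supplied flash text stays escaped. `SafeString`, `tag`, `render` and the `FLASH` hash are hypothetical stand-ins for SafeBuffer, `content_tag`, ERB output and the real flash; in a Rails 3 helper the equivalent of `flash_messages_safe` is ending the method with `messages.join.html_safe`.

```ruby
require "erb"

# Stand-in for ActiveSupport::SafeBuffer: a String trusted as finished markup.
class SafeString < String; end

# Escape anything that is not already a SafeString (what <%= %> does in Rails 3).
def escape_unless_safe(value)
  value.is_a?(SafeString) ? value : SafeString.new(ERB::Util.html_escape(value.to_s))
end

# Minimal model of content_tag: body escaped unless safe, the tag itself trusted.
def tag(name, body, css_class = nil)
  attr = css_class ? %( class="#{ERB::Util.html_escape(css_class)}") : ""
  SafeString.new("<#{name}#{attr}>#{escape_unless_safe(body)}</#{name}>")
end

# Shape of the helper in the first post: returns an Array, which is not safe.
def flash_messages_array(flash)
  %w(notice warning error).map do |msg|
    text = flash[msg.to_sym]
    tag(:div, tag(:p, text), "message #{msg}") unless text.to_s.empty?
  end.compact
end

# Join the fragments (Array#join yields a plain String) and mark the result safe.
# Safe only because every fragment was built by tag, which escaped the flash text.
def flash_messages_safe(flash)
  SafeString.new(flash_messages_array(flash).join)
end

# What <%= helper %> would emit for a helper's return value.
def render(value)
  escape_unless_safe(value).to_s
end

# Constructed sample flash with hostile text in :error.
FLASH = { :notice => "Saved", :error => "<script>alert(1)</script>" }

puts render(flash_messages_array(FLASH)) # markup shows up as escaped text
puts render(flash_messages_safe(FLASH))  # divs render, script stays escaped
```

Calling `html_safe` (or `raw`) directly on flash text that contains user input would skip the escaping shown here; only the wrapper markup should be marked safe.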