Rails 3 flash message problems

22 views
Skip to first unread message

Bharat Ruparel

unread,
Aug 16, 2010, 10:21:07 PM8/16/10
to rubyonra...@googlegroups.com
The following code in my application_helper.rb class either eats the
flash message or escapes it and does not display properly:

# Outputs the corresponding flash message if any are set
def flash_messages
messages = []
%w(notice warning error).each do |msg|
messages << content_tag(:div, content_tag(:p,
html_escape(flash[msg.to_sym])), :class => "message #{msg}") unless
flash[msg.to_sym].blank?
end
messages
end

I am not sure how to make it html_safe so that Rails 3 renders it
properly. No problems with Rails 2.3.8, but I had to mark the entire
method "safe_method" using rails_xss plugin.

Is there a rule to doing this kind of view sanitization?

Thanks.

Bharat
--
Posted via http://www.ruby-forum.com/.

Greg Donald

unread,
Aug 16, 2010, 10:41:13 PM8/16/10
to rubyonra...@googlegroups.com
On Mon, Aug 16, 2010 at 9:21 PM, Bharat Ruparel <li...@ruby-forum.com> wrote:
> I am not sure how to make it html_safe so that Rails 3 > renders it properly.

Rails 3 is html safe by default. You only need to use 'raw' if you
want it unsafe.

--
Greg Donald
destiney.com | gregdonald.com

Bharat Ruparel

unread,
Aug 16, 2010, 10:56:40 PM8/16/10
to rubyonra...@googlegroups.com
Sorry,
Did not ask my question properly. You are right, Rails 3 is safe by
default.

What I meant to ask is how do I fix the method shown above so that the
rendered HTML is not escaped and therefore displays properly?

THAiSi

unread,
Aug 20, 2010, 5:41:25 AM8/20/10
to Ruby on Rails: Talk
def flash_messages
%w(notice warning error).each do |msg|
concat content_tag(:div, content_tag(:p, flash[msg.to_sym]),
:class => "message #{msg}") unless flash[msg.to_sym].blank?
end
end

in the layout: <% flash_messages %>
Reply all
Reply to author
Forward
0 new messages