Should the flash message be escaped automatically by Rails? If not, how to ensure message gets escaped (without using CGI::escapeHTML)?
After doing some searching, I figured out that it should be escaped, and one got to html_safe a message to display html. But when I try
flash[:error] = "<b>YO</b>"
it is displayed as bold YO and not as <b>YO</b>. Note that string object is not html_safe itself.
Aucun commentaire:
Enregistrer un commentaire