Rails 3 flash message problems

11155 · August 17, 2010, 2:21am

The following code in my application_helper.rb class either eats the flash message or escapes it and does not display properly:

# Outputs the corresponding flash message if any are set def flash_messages messages = %w(notice warning error).each do |msg| messages << content_tag(:div, content_tag(:p, html_escape(flash[msg.to_sym])), :class => "message #{msg}") unless flash[msg.to_sym].blank? end messages end

I am not sure how to make it html_safe so that Rails 3 renders it properly. No problems with Rails 2.3.8, but I had to mark the entire method "safe_method" using rails_xss plugin.

Is there a rule to doing this kind of view sanitization?

Thanks.

Bharat

Greg_Donald1 · August 17, 2010, 2:41am

Rails 3 is html safe by default. You only need to use 'raw' if you want it unsafe.

11155 · August 17, 2010, 2:56am

Sorry, Did not ask my question properly. You are right, Rails 3 is safe by default.

What I meant to ask is how do I fix the method shown above so that the rendered HTML is not escaped and therefore displays properly? Thanks. Bharat

THAiSi · August 20, 2010, 9:41am

def flash_messages %w(notice warning error).each do |msg| concat content_tag(:div, content_tag(:p, flash[msg.to_sym]), :class => "message #{msg}") unless flash[msg.to_sym].blank? end end

in the layout: <% flash_messages %>

Topic		Replies	Views
Rails 3 and html_safe rubyonrails-talk	4	163	May 17, 2010
Can't store html_safe in flash hash. rubyonrails-core	3	805	June 16, 2014
using a link in a view , flash message doesn't clear rubyonrails-talk	2	138	January 18, 2012
link_to in the controller flash message? rubyonrails-talk	6	149	November 2, 2010
Rails 3 Flash Messages Not Clearing rubyonrails-talk	1	135	February 15, 2011

Rails 3 flash message problems

Related topics

More Resources