Escape error messages in foi_error_messages_for

author: Matthew Landauer <matthew@openaustralia.org> 2013-01-03 10:59:51 +1100
committer: Matthew Landauer <matthew@openaustralia.org> 2013-01-03 10:59:51 +1100
commit: 3f17ab250d0ea54117c29e02f8e9d4a2acf81099 (patch)
tree: 88b80d18ee86eddfc399071ede3cec5b83f55bcb
parent: 7393ec37770a1cccf9a4f3530f6e2153cda0ddf7 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 6411cf27e..b9ba712a4 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -35,15 +35,15 @@ module ApplicationHelper
               end
           end
 
-          error_messages = []
+          error_messages = "".html_safe
           for object in objects
               object.errors.each do |attr, message|
-                  error_messages << content_tag(:li, message)
+                  error_messages << content_tag(:li, h(message))
               end
           end
 
           content_tag(:div,
-              content_tag(:ul, error_messages.join),
+              content_tag(:ul, error_messages),
             html
           )
         else
author	Matthew Landauer <matthew@openaustralia.org>	2013-01-03 10:59:51 +1100
committer	Matthew Landauer <matthew@openaustralia.org>	2013-01-03 10:59:51 +1100
commit	3f17ab250d0ea54117c29e02f8e9d4a2acf81099 (patch)
tree	88b80d18ee86eddfc399071ede3cec5b83f55bcb
parent	7393ec37770a1cccf9a4f3530f6e2153cda0ddf7 (diff)