Mark the info request name as safe - hidden_user_explanation's content will be escaped in the parent template. Strip content in the controller and mark as HTML safe.

author: Louise Crow <louise.crow@gmail.com> 2013-02-19 12:59:24 +0000
committer: Louise Crow <louise.crow@gmail.com> 2013-02-19 12:59:24 +0000
commit: 59e3aa6f0b24df25e525eeec12aefc04e0e61e5d (patch)
tree: 14d8a2694424ef2546a93a89d32a21956343d4d6 /app/controllers/admin_request_controller.rb
parent: e7067b87777b5f2dd301a852ca6f8f5af1f135b4 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app/controllers/admin_request_controller.rb b/app/controllers/admin_request_controller.rb
index e39d55c7c..ed8de7755 100644
--- a/app/controllers/admin_request_controller.rb
+++ b/app/controllers/admin_request_controller.rb
@@ -379,7 +379,7 @@ class AdminRequestController < AdminController
                 ContactMailer.deliver_from_admin_message(
                         info_request.user,
                         subject,
-                        params[:explanation]
+                        params[:explanation].strip.html_safe
                     )
                 flash[:notice] = _("Your message to {{recipient_user_name}} has been sent",:recipient_user_name=>CGI.escapeHTML(info_request.user.name))
             else
author	Louise Crow <louise.crow@gmail.com>	2013-02-19 12:59:24 +0000
committer	Louise Crow <louise.crow@gmail.com>	2013-02-19 12:59:24 +0000
commit	59e3aa6f0b24df25e525eeec12aefc04e0e61e5d (patch)
tree	14d8a2694424ef2546a93a89d32a21956343d4d6 /app/controllers/admin_request_controller.rb
parent	e7067b87777b5f2dd301a852ca6f8f5af1f135b4 (diff)