author | Matthew Landauer <matthew@openaustralia.org> | 2013-01-04 09:45:52 +1100 |
---|---|---|
committer | Matthew Landauer <matthew@openaustralia.org> | 2013-01-04 09:47:06 +1100 |
commit | 44947335b285673591ef44c9c66efa584298e6ee (patch) | |
tree | d2d37100701f0d4af3c72cd11c11fd9de2587ac7 /app/controllers/request_controller.rb | |
parent | 463b003eb11071e52ad07c3808ac6924d0301dc0 (diff) | |
parent | 1d71ab6d1aa7e5de00753f7b97a8158ee2bc3333 (diff) |
Merge branch 'rails_xss' into rails-3-spike
Conflicts:
Gemfile
Gemfile.lock
app/views/request/_hidden_correspondence.rhtml
app/views/request/hidden.rhtml
app/views/request/new_please_describe.rhtml
app/views/user/show.rhtml
lib/i18n_fixes.rb
Diffstat (limited to 'app/controllers/request_controller.rb')
-rw-r--r-- | app/controllers/request_controller.rb | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index c4e37f4c3..17d2d9428 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -315,9 +315,9 @@ class RequestController < ApplicationController
 message = ""
 if @outgoing_message.contains_email?
 if @user.nil?
- message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"];
+ message += (_("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe;
 else
- message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"];
+ message += (_("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe;
 end
 message += _("<p>We recommend that you edit your request and remove the email address. If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>")
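Review bot: The `.html_safe` added on the two `message +=` lines probably has no effect, because `message` starts as the plain `""` literal and `String#+` on a plain String returns a plain String even when the right-hand side is a SafeBuffer. The unchanged `message += _("<p>We recommend …")` after the `end` appends an unmarked fragment too, so the flag would be better set once on the finished string, e.g. `message = message.html_safe` after the last append, which lies outside this hunk along with the rest of the method. Because `.html_safe` is applied after `%`, it vouches for the interpolated value and the translated locale string as well; that is fine here and on the `flash[:error]` line of the second hunk while the argument is a route helper, and a comment such as `# html_safe: interpolate route helpers only, never request data` would keep it that way.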
@@ -618,7 +618,7 @@ class RequestController < ApplicationController
 if !params[:submitted_followup].nil? && !params[:reedit]
 if @info_request.allow_new_responses_from == 'nobody'
- flash[:error] = _('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]
+ flash[:error] = (_('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]).html_safe
 else
 if @info_request.find_existing_outgoing_message(params[:outgoing_message][:body])
 flash[:error] = _('You previously submitted that exact follow up message for this request.') |
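Review bot: `flash[:error]` now holds a SafeBuffer, so the `<a>` link renders unescaped only if that flag survives until the template prints the flash; whether it does after a redirect depends on how the session store serializes the value, which this hunk does not show. If the error is rendered in the same request, `flash.now[:error] = …` would keep the marked string out of the session entirely. The enclosing action starts and ends outside the hunk, so which of the two cases applies needs checking against the code that follows.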