authorMatthew Landauer <matthew@openaustralia.org>2013-01-03 13:23:03 +1100
committerMatthew Landauer <matthew@openaustralia.org>2013-01-03 13:23:03 +1100
commitcf6f99f7167d271c4b84f8beebcd4a5d8a666a72 (patch)
tree392cea52cbf1c2495216d132a707c620aa3cd141 /app/controllers/request_controller.rb
parent0acab1169c4024747f622501075ca3ddeabd4195 (diff)
Escaping fixes involving the unpleasant mix of translations, html and string interpolation
Diffstat (limited to 'app/controllers/request_controller.rb')
-rw-r--r--app/controllers/request_controller.rb6
1 files changed, 3 insertions, 3 deletions
diff --git a/app/controllers/request_controller.rb b/app/controllers/request_controller.rb
index c732a4b32..e82491bbe 100644
--- a/app/controllers/request_controller.rb
+++ b/app/controllers/request_controller.rb
@@ -320,9 +320,9 @@ class RequestController < ApplicationController
message = ""
if @outgoing_message.contains_email?
if @user.nil?
- message += _("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"];
+ message += (_("<p>You do not need to include your email in the request in order to get a reply, as we will ask for it on the next screen (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe;
else
- message += _("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"];
+ message += (_("<p>You do not need to include your email in the request in order to get a reply (<a href=\"%s\">details</a>).</p>") % [help_privacy_path+"#email_address"]).html_safe;
end
message += _("<p>We recommend that you edit your request and remove the email address.
If you leave it, the email address will be sent to the authority, but will not be displayed on the site.</p>")
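Review bot: In both `message +=` lines, `.html_safe` is applied after the `%` interpolation, so the translated text and the interpolated value are trusted as HTML together; that holds only while the argument stays a route helper such as `help_privacy_path`. Escaping the argument before interpolation would keep the output safe if the argument ever changes, e.g. `% [ERB::Util.html_escape(help_privacy_path + "#email_address")]`. Separately, `message` starts as a plain `""` and `String#+` returns a plain String, so the safe marking is probably dropped from `message` unless the code after this hunk marks the final value; the rest of the method is outside the hunk. The same interpolate-then-`html_safe` pattern appears on the `flash[:error]` line in the second hunk with `help_contact_path`.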
@@ -623,7 +623,7 @@ class RequestController < ApplicationController
if !params[:submitted_followup].nil? && !params[:reedit]
if @info_request.allow_new_responses_from == 'nobody'
- flash[:error] = _('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]
+ flash[:error] = (_('Your follow up has not been sent because this request has been stopped to prevent spam. Please <a href="%s">contact us</a> if you really want to send a follow up message.') % [help_contact_path]).html_safe
else
if @info_request.find_existing_outgoing_message(params[:outgoing_message][:body])
flash[:error] = _('You previously submitted that exact follow up message for this request.')