Merge branch 'rails_xss' into rails-3-spike

Conflicts: Gemfile Gemfile.lock app/views/request/_hidden_correspondence.rhtml app/views/request/hidden.rhtml app/views/request/new_please_describe.rhtml app/views/user/show.rhtml lib/i18n_fixes.rb
author: Matthew Landauer <matthew@openaustralia.org> 2013-01-04 09:45:52 +1100
committer: Matthew Landauer <matthew@openaustralia.org> 2013-01-04 09:47:06 +1100
commit: 44947335b285673591ef44c9c66efa584298e6ee (patch)
tree: d2d37100701f0d4af3c72cd11c11fd9de2587ac7 /app/helpers/application_helper.rb
parent: 463b003eb11071e52ad07c3808ac6924d0301dc0 (diff)
parent: 1d71ab6d1aa7e5de00753f7b97a8158ee2bc3333 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/app/helpers/application_helper.rb b/app/helpers/application_helper.rb
index 6411cf27e..b9ba712a4 100644
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@@ -35,15 +35,15 @@ module ApplicationHelper
               end
           end
 
-          error_messages = []
+          error_messages = "".html_safe
           for object in objects
               object.errors.each do |attr, message|
-                  error_messages << content_tag(:li, message)
+                  error_messages << content_tag(:li, h(message))
               end
           end
 
           content_tag(:div,
-              content_tag(:ul, error_messages.join),
+              content_tag(:ul, error_messages),
             html
           )
         else
author	Matthew Landauer <matthew@openaustralia.org>	2013-01-04 09:45:52 +1100
committer	Matthew Landauer <matthew@openaustralia.org>	2013-01-04 09:47:06 +1100
commit	44947335b285673591ef44c9c66efa584298e6ee (patch)
tree	d2d37100701f0d4af3c72cd11c11fd9de2587ac7 /app/helpers/application_helper.rb
parent	463b003eb11071e52ad07c3808ac6924d0301dc0 (diff)
parent	1d71ab6d1aa7e5de00753f7b97a8158ee2bc3333 (diff)